
Opera/IE google redirect


e1wasf

Hi there,

Thanks in advance for your assistance! :D

All my google links have been getting redirected since last month, and I've absolutely no idea why. Both IE and Opera seem to have the same problem. I can access most links by clicking on the 'cached' option, but I'm getting sick of having to resort to this.

I've run multiple MBAM scans to no avail. The following is the most recent log.

=========

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5214

Windows 6.1.7601 Service Pack 1, v.178

Internet Explorer 8.0.7601.16562

3/12/2010 11:13:53 PM

mbam-log-2010-12-03 (23-13-53).txt

Scan type: Quick scan

Objects scanned: 143562

Time elapsed: 3 minute(s), 16 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

=========

Here's the HJT log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:17:48 PM, on 3/12/2010

Platform: Windows 7 SP1, v.178 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.16562)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe

C:\Windows\framework.exe

C:\Program Files\Rainmeter\Rainmeter.exe

C:\Program Files\WordWeb\wweb32.exe

C:\Users\Evan\AppData\Local\Temp\msconfig.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r

O4 - HKLM\..\Run: [framework] framework.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [msconfig] C:\Users\Evan\AppData\Local\Temp\msconfig.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: GIGABYTE Gamer HUD Lite.lnk = C:\Program Files\GIGABYTE\Gamer HUD Lite\HUD.exe

O4 - Startup: Rainmeter.exe - Shortcut.lnk = C:\Program Files\Rainmeter\Rainmeter.exe

O4 - Startup: WordWeb Pro.lnk = C:\Program Files\WordWeb\wweb32.exe

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://service.futuremark.com/gom/receiver/tc/FMSI.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 6983 bytes

=========

Thank you for your time. :)


Hi e1wasf

:D

Looking over your log, it seems you don't have any evidence of anti-virus software.

When we are done I'll give you a free one that I use.

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Open HijackThis (select Do a system scan only) and select the following line, but DO NOT CLICK FIX until you exit all browser sessions, including the one you are reading in right now:

O4 - HKCU\..\Run: [msconfig] C:\Users\Evan\AppData\Local\Temp\msconfig.exe

Again, make sure ALL browser windows are closed when you click FIX.

Next

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.

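A triage helper for the step above, as an added example for this thread (it is not HijackThis, Malwarebytes or TDSSKiller code): it parses the O4 autorun lines of a HijackThis log and flags the kind of entry the helper asked to fix. The two heuristics (a program launched from a Temp directory, and a file carrying a System32 utility's name while living outside System32) and the SYSTEM32_NAMES list are my assumptions; the sample lines are copied from the log posted in this thread.

```python
"""Flag suspicious autorun (O4) lines in a HijackThis log.

Added example for this thread; not part of HijackThis, Malwarebytes or the
helper's instructions. The heuristics are assumptions chosen to match the
entry the helper singled out: a program started from a user's Temp folder,
and a file that borrows the name of a Windows system utility while living
outside System32.
"""
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass

# Run / RunOnce entries, e.g.
#   O4 - HKCU\..\Run: [msconfig] C:\Users\Evan\AppData\Local\Temp\msconfig.exe
#   O4 - HKUS\S-1-5-19\..\Run: [sidebar] ...\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
RUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run|RunOnce): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.+?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# Startup-folder shortcuts, e.g.
#   O4 - Startup: WordWeb Pro.lnk = C:\Program Files\WordWeb\wweb32.exe
STARTUP_RE = re.compile(r"^O4 - Startup: (?P<name>.+?) = (?P<cmd>.+)$")
# First executable in the command line, quoted or not (unquoted paths may contain spaces).
EXE_RE = re.compile(r'^"?(?P<path>.*?\.exe)', re.IGNORECASE)

# Assumed list: binaries that ship in %SystemRoot%\System32. A file with one of
# these names anywhere else deserves a look.
SYSTEM32_NAMES = {
    "msconfig.exe", "taskmgr.exe", "svchost.exe", "lsass.exe",
    "services.exe", "winlogon.exe", "csrss.exe",
}

# Constructed sample: lines copied from the HJT log in this thread, plus one
# non-O4 line to show that other sections are ignored.
SAMPLE_LOG = r"""
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [framework] framework.exe
O4 - HKCU\..\Run: [msconfig] C:\Users\Evan\AppData\Local\Temp\msconfig.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - Startup: Rainmeter.exe - Shortcut.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
"""


@dataclass
class Autorun:
    source: str          # e.g. "HKCU\\Run" or "Startup"
    name: str            # registry value name or shortcut name
    command: str         # full command line as logged
    target: str          # executable path pulled out of the command
    user: str | None = None


def extract_target(command: str) -> str:
    """Return the executable path from a Run command line, dropping quotes and arguments."""
    m = EXE_RE.match(command)
    return m.group("path") if m else command.split()[0]


def parse_autoruns(log_text: str) -> list[Autorun]:
    """Parse every O4 line in a HijackThis log; all other sections are ignored."""
    entries: list[Autorun] = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            entries.append(Autorun(
                source=f"{m['hive']}\\{m['key']}", name=m["name"],
                command=m["cmd"], target=extract_target(m["cmd"]), user=m["user"]))
        elif m := STARTUP_RE.match(line):
            entries.append(Autorun(
                source="Startup", name=m["name"],
                command=m["cmd"], target=extract_target(m["cmd"])))
    return entries


def assess(entry: Autorun) -> list[str]:
    """Return the reasons (possibly none) an autorun deserves attention."""
    reasons = []
    low = entry.target.lower()
    directory = ntpath.dirname(low)
    base = ntpath.basename(low)
    if "\\temp\\" in low:
        reasons.append("started from a Temp directory, where installed software does not live")
    if base in SYSTEM32_NAMES and not directory.endswith("\\system32"):
        reasons.append(f"{base} is a System32 utility name but runs from {directory or 'the search path'}")
    return reasons


def find_suspicious(log_text: str) -> list[tuple[Autorun, list[str]]]:
    """Pair each flagged autorun with the reasons it was flagged."""
    return [(e, r) for e in parse_autoruns(log_text) if (r := assess(e))]


if __name__ == "__main__":
    for entry, reasons in find_suspicious(SAMPLE_LOG):
        print(f"[{entry.source}] {entry.name} -> {entry.target}")
        for reason in reasons:
            print("   -", reason)
```

On the sample above only the HKCU\Run msconfig entry is flagged, for both reasons; the bare `framework.exe` entry is parsed but not flagged, since neither heuristic covers an unqualified filename.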

Here's the TDSSKiller report you asked for:

2010/12/03 23:43:11.0006 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01

2010/12/03 23:43:11.0006 ================================================================================

2010/12/03 23:43:11.0006 SystemInfo:

2010/12/03 23:43:11.0006

2010/12/03 23:43:11.0006 OS Version: 6.1.7601 ServicePack: 1.0

2010/12/03 23:43:11.0006 Product type: Workstation

2010/12/03 23:43:11.0006 ComputerName: EVAN-PC

2010/12/03 23:43:11.0009 UserName: Evan

2010/12/03 23:43:11.0009 Windows directory: C:\Windows

2010/12/03 23:43:11.0009 System windows directory: C:\Windows

2010/12/03 23:43:11.0009 Processor architecture: Intel x86

2010/12/03 23:43:11.0009 Number of processors: 2

2010/12/03 23:43:11.0009 Page size: 0x1000

2010/12/03 23:43:11.0009 Boot type: Normal boot

2010/12/03 23:43:11.0009 ================================================================================

2010/12/03 23:43:11.0226 Initialize success

2010/12/03 23:43:57.0324 ================================================================================

2010/12/03 23:43:57.0324 Scan started

2010/12/03 23:43:57.0324 Mode: Manual;

2010/12/03 23:43:57.0324 ================================================================================


2010/12/03 23:44:05.0387 TPkd (5815ae5ef8519066f19e575d67f6f191) C:\Windows\system32\drivers\TPkd.sys

2010/12/03 23:44:05.0432 tssecsrv (14ac0bc654508bf98f9a501f402709cc) C:\Windows\system32\DRIVERS\tssecsrv.sys

2010/12/03 23:44:05.0467 TsUsbFlt (d0a10ef0d435739a32eed44b6f4cfa21) C:\Windows\system32\drivers\tsusbflt.sys

2010/12/03 23:44:05.0512 tunnel (ff8fb6c8b15dacfe71057d7b0e79b427) C:\Windows\system32\DRIVERS\tunnel.sys

2010/12/03 23:44:05.0547 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

2010/12/03 23:44:05.0575 udfs (00e6889653b8b7f220d3565c953bb185) C:\Windows\system32\DRIVERS\udfs.sys

2010/12/03 23:44:05.0605 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

2010/12/03 23:44:05.0667 umbus (b44b6c1f50daa3ed532aa1cfdfd2b192) C:\Windows\system32\drivers\umbus.sys

2010/12/03 23:44:05.0690 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

2010/12/03 23:44:05.0745 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys

2010/12/03 23:44:05.0767 usbccgp (76880d8312c4595a6a2909819a869010) C:\Windows\system32\DRIVERS\usbccgp.sys

2010/12/03 23:44:05.0802 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

2010/12/03 23:44:05.0822 usbehci (dfb8c7a7fdc1e90ab39f4874cc1aae32) C:\Windows\system32\drivers\usbehci.sys

2010/12/03 23:44:05.0845 usbhub (b580202f0b982c6e8b7403fb7d285dfe) C:\Windows\system32\drivers\usbhub.sys

2010/12/03 23:44:05.0865 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys

2010/12/03 23:44:05.0930 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

2010/12/03 23:44:05.0972 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

2010/12/03 23:44:05.0992 USBSTOR (251fae54062b021516ba4e538d1ecfb2) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2010/12/03 23:44:06.0032 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys

2010/12/03 23:44:06.0057 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

2010/12/03 23:44:06.0090 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

2010/12/03 23:44:06.0105 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

2010/12/03 23:44:06.0140 vhdmp (63af903a647295d801163a166351c566) C:\Windows\system32\drivers\vhdmp.sys

2010/12/03 23:44:06.0205 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

2010/12/03 23:44:06.0220 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

2010/12/03 23:44:06.0295 VIAHdAudAddService (ec1fdb8461acca4e34c2022e2b32cf5c) C:\Windows\system32\drivers\viahduaa.sys

2010/12/03 23:44:06.0332 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

2010/12/03 23:44:06.0372 vmbus (64d56d26b8d79c31584267ace105521a) C:\Windows\system32\drivers\vmbus.sys

2010/12/03 23:44:06.0395 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys

2010/12/03 23:44:06.0407 volmgr (608cfc7d3b638ba5843be026951e03d3) C:\Windows\system32\drivers\volmgr.sys

2010/12/03 23:44:06.0427 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

2010/12/03 23:44:06.0447 volsnap (cc63437be17db71b356887736680e266) C:\Windows\system32\drivers\volsnap.sys

2010/12/03 23:44:06.0487 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

2010/12/03 23:44:06.0507 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys

2010/12/03 23:44:06.0530 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

2010/12/03 23:44:06.0567 WANARP (205ebf4773ffd5dd58a625555d97da1e) C:\Windows\system32\DRIVERS\wanarp.sys

2010/12/03 23:44:06.0575 Wanarpv6 (205ebf4773ffd5dd58a625555d97da1e) C:\Windows\system32\DRIVERS\wanarp.sys

2010/12/03 23:44:06.0602 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

2010/12/03 23:44:06.0632 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

2010/12/03 23:44:06.0675 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

2010/12/03 23:44:06.0695 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

2010/12/03 23:44:06.0777 WinUsb (8be4eeaaed25e769c8b3b62df34420c6) C:\Windows\system32\DRIVERS\WinUsb.sys

2010/12/03 23:44:06.0825 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

2010/12/03 23:44:06.0855 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

2010/12/03 23:44:06.0907 WudfPf (07c8005ad9feb4f050e8f83cb177e546) C:\Windows\system32\drivers\WudfPf.sys

2010/12/03 23:44:06.0940 WUDFRd (59504d70479fdd577adee9ac760290d1) C:\Windows\system32\DRIVERS\WUDFRd.sys

2010/12/03 23:44:06.0987 ================================================================================

2010/12/03 23:44:06.0987 Scan finished

2010/12/03 23:44:06.0987 ================================================================================

BTW, thanks for the prompt reply. :D


  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    The Windows Recovery Console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply.
    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


Combofix report as requested:

ComboFix 10-12-02.05 - Evan 04/12/2010 0:02.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3327.2291 [GMT 11:00]

Running from: c:\users\Evan\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Evan\AppData\Local\Temp\A10F.tmp

c:\users\Evan\AppData\Roaming\aladumu.exe

c:\users\Evan\AppData\Roaming\ddlovii.exe

c:\users\Evan\AppData\Roaming\dtrspqj.exe

c:\users\Evan\AppData\Roaming\eehzkak.exe

c:\users\Evan\AppData\Roaming\ejeifad.exe

c:\users\Evan\AppData\Roaming\eumglcu.exe

c:\users\Evan\AppData\Roaming\fkfivbs.exe

c:\users\Evan\AppData\Roaming\google_cache243.tmp

c:\users\Evan\AppData\Roaming\google_cache746.tmp

c:\users\Evan\AppData\Roaming\gpufpcc.exe

c:\users\Evan\AppData\Roaming\gxaltrj.exe

c:\users\Evan\AppData\Roaming\hqqwuct.exe

c:\users\Evan\AppData\Roaming\icnsmhy.exe

c:\users\Evan\AppData\Roaming\jjwepwp.exe

c:\users\Evan\AppData\Roaming\jktulqc.exe

c:\users\Evan\AppData\Roaming\jlffmtc.exe

c:\users\Evan\AppData\Roaming\jmkfrya.exe

c:\users\Evan\AppData\Roaming\jvmaatn.exe

c:\users\Evan\AppData\Roaming\khwqjbc.exe

c:\users\Evan\AppData\Roaming\Microsoft\Crypted.exe

c:\users\Evan\AppData\Roaming\Microsoft\eraseme.exe

c:\users\Evan\AppData\Roaming\Microsoft\metus.exe

c:\users\Evan\AppData\Roaming\Microsoft\newcrypt.exe

c:\users\Evan\AppData\Roaming\Microsoft\Run.exe

c:\users\Evan\AppData\Roaming\Microsoft\wglkjwelgke.exe

c:\users\Evan\AppData\Roaming\pfiekwq.exe

c:\users\Evan\AppData\Roaming\ptibrrh.exe

c:\users\Evan\AppData\Roaming\qmphdby.exe

c:\users\Evan\AppData\Roaming\raid64.exe

c:\users\Evan\AppData\Roaming\rgyumdx.exe

c:\users\Evan\AppData\Roaming\sijvkve.exe

c:\users\Evan\AppData\Roaming\tacwijc.exe

c:\users\Evan\AppData\Roaming\tahjmdr.exe

c:\users\Evan\AppData\Roaming\uritwwj.exe

c:\users\Evan\AppData\Roaming\wydfbon.exe

c:\users\Evan\AppData\Roaming\wznaqna.exe

c:\users\Evan\AppData\Roaming\xlsyxge.exe

c:\users\Evan\AppData\Roaming\xuxqnoh.exe

c:\users\Evan\AppData\Roaming\zqbfyik.exe

c:\users\Evan\AppData\Roaming\zrzysia.exe

c:\windows\framework.exe

D:\Autorun.inf

Infected copy of c:\windows\explorer.exe was found and disinfected

Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.16562_none_53841795d828c730\explorer.exe

Infected copy of c:\windows\System32\wininit.exe was found and disinfected

Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

Infected copy of c:\windows\explorer.exe was found and disinfected

Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.16562_none_53841795d828c730\explorer.exe

.

((((((((((((((((((((((((( Files Created from 2010-11-03 to 2010-12-03 )))))))))))))))))))))))))))))))

.

2010-12-03 12:11 . 2010-12-03 12:11 388096 ----a-r- c:\users\Evan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-12-03 12:11 . 2010-12-03 12:11 -------- d-----w- c:\program files\Trend Micro

2010-12-03 11:08 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BFFD1FEE-B8BC-4517-9A47-9AF60BD2D77B}\mpengine.dll

2010-12-01 09:26 . 2009-07-14 01:16 90624 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LXKPTPRC.DLL

2010-11-16 16:45 . 2010-11-16 17:11 -------- d-----w- c:\users\Evan\AppData\Roaming\Mobipocket

2010-11-16 16:45 . 2010-11-16 16:45 -------- d-----w- c:\program files\Mobipocket.com

2010-11-13 06:21 . 2010-11-13 06:21 -------- d-----w- c:\users\Evan\AppData\Local\Activision

2010-11-13 06:21 . 2010-06-01 17:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll

2010-11-13 06:21 . 2010-06-01 17:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll

2010-11-13 06:21 . 2010-06-01 17:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll

2010-11-13 06:21 . 2010-05-26 00:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll

2010-11-13 06:21 . 2010-05-26 00:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll

2010-11-13 06:21 . 2010-05-26 00:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll

2010-11-13 06:21 . 2010-05-26 00:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll

2010-11-13 06:21 . 2010-05-26 00:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll

2010-11-13 06:01 . 2010-11-13 06:01 -------- d-----w- c:\program files\Activision

2010-11-06 00:37 . 2010-11-06 00:37 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-02 16:06 . 2010-10-20 12:15 59392 --sh--r- c:\users\Evan\AppData\Roaming\iTunes.exe

2010-11-29 06:42 . 2010-04-20 11:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-29 06:42 . 2010-04-20 11:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-18 23:41 . 2009-11-14 01:14 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-09-22 13:47 . 2010-09-22 13:47 49016 ----a-w- c:\windows\system32\sirenacm.dll

2010-09-22 13:32 . 2010-09-22 13:32 301936 ----a-w- c:\windows\WLXPGSS.SCR

2010-09-21 03:03 . 2010-09-21 03:03 208768 ----a-w- c:\windows\system32\LIVESSP.DLL

2010-09-14 17:50 . 2010-06-08 06:32 472808 ----a-w- c:\windows\system32\deployJava1.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]

@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"

[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]

2010-06-03 14:53 442368 ----a-w- c:\windows\System32\ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-06-01 1501064]

"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2008-09-16 16982016]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]

c:\users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

GIGABYTE Gamer HUD Lite.lnk - c:\program files\GIGABYTE\Gamer HUD Lite\HUD.exe [2009-6-30 1678848]

Rainmeter.exe - Shortcut.lnk - c:\program files\Rainmeter\Rainmeter.exe [2009-11-1 119296]

WordWeb Pro.lnk - c:\program files\WordWeb\wweb32.exe [2009-11-14 42176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

@="SecurityDevices"

[HKLM\~\startupfolder\C:^Users^Evan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-20 12:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-09-22 17:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apple iPod Service]

2010-12-02 16:06 59392 --sh--r- c:\users\Evan\AppData\Roaming\iTunes.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]

2009-05-12 23:22 102400 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]

2008-07-22 01:34 2772992 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]

2009-04-06 23:13 673616 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON TX110 Series]

2008-09-25 20:00 199680 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIFBP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 01:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

2009-06-01 02:51 1468296 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-11-12 05:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]

2010-11-29 06:42 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-09-22 13:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 00:50 155648 ----a-w- c:\windows\System32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Packet Monitor]

2010-07-22 16:33 266240 ----a-w- c:\users\Evan\AppData\Roaming\packet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

2009-11-09 03:17 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-10 12:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

2010-06-03 14:51 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StrokeIt]

2009-06-16 17:52 24712 ----a-w- c:\program files\TCB Networks\StrokeIt\strokeit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 01:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

R2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe [2010-06-03 3179520]

R3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\system32\drivers\1394ohci.sys [2010-06-03 164352]

R3 AcpiPmi;ACPI Power Meter Driver;c:\windows\system32\drivers\acpipmi.sys [2010-06-03 10240]

R3 adp94xx;adp94xx;c:\windows\system32\DRIVERS\adp94xx.sys [2009-07-14 422976]

R3 adpahci;adpahci;c:\windows\system32\DRIVERS\adpahci.sys [2009-07-14 297552]

R3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys [2010-06-03 80264]

R3 amdsbs;amdsbs;c:\windows\system32\DRIVERS\amdsbs.sys [2009-07-14 159312]

R3 AppID;AppID Driver;c:\windows\system32\drivers\appid.sys [2009-07-13 50176]

R3 AppIDSvc;Application Identity;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 arcsas;arcsas;c:\windows\system32\DRIVERS\arcsas.sys [2009-07-14 86608]

R3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\DRIVERS\bxvbdx.sys [2009-07-13 430080]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]

R3 BDESVC;BitLocker Drive Encryption Service;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\DRIVERS\BrFiltLo.sys [2009-07-13 13568]

R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\DRIVERS\BrFiltUp.sys [2009-07-13 5248]

R3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\Drivers\Brserid.sys [2009-07-14 272128]

R3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\Drivers\BrSerWdm.sys [2009-07-13 62336]

R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\Drivers\BrUsbMdm.sys [2009-07-13 12160]

R3 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 circlass;Consumer IR Devices;c:\windows\system32\DRIVERS\circlass.sys [2009-07-13 37888]

R3 defragsvc;Disk Defragmenter;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\DRIVERS\evbdx.sys [2009-07-13 3100160]

R3 elxstor;elxstor;c:\windows\system32\DRIVERS\elxstor.sys [2009-07-14 453712]

R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [2009-07-13 28160]

R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys [2009-07-14 46160]

R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [2009-07-13 26624]

R3 HpSAMD;HpSAMD;c:\windows\system32\DRIVERS\HpSAMD.sys [2009-07-14 67152]

R3 iaStorV;Intel RAID Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys [2010-06-03 332168]

R3 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys [2010-06-03 65536]

R3 iScsiPrt;iScsiPort Driver;c:\windows\system32\drivers\msiscsi.sys [2010-06-03 232840]

R3 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 LSI_FC;LSI_FC;c:\windows\system32\DRIVERS\lsi_fc.sys [2009-07-14 95824]

R3 LSI_SAS;LSI_SAS;c:\windows\system32\DRIVERS\lsi_sas.sys [2009-07-14 89168]

R3 LSI_SAS2;LSI_SAS2;c:\windows\system32\DRIVERS\lsi_sas2.sys [2009-07-14 54864]

R3 LSI_SCSI;LSI_SCSI;c:\windows\system32\DRIVERS\lsi_scsi.sys [2009-07-14 96848]

R3 megasas;megasas;c:\windows\system32\DRIVERS\megasas.sys [2009-07-14 30800]

R3 mpio;Microsoft Multi-Path Bus Driver;c:\windows\system32\drivers\mpio.sys [2010-06-03 130440]

R3 msahci;msahci;c:\windows\system32\drivers\msahci.sys [2010-06-03 28040]

R3 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\system32\drivers\msdsm.sys [2010-06-03 116104]

R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [2009-07-13 4096]

R3 MSiSCSI;Microsoft iSCSI Initiator Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 MsRPC;MsRPC; [x]

R3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\DRIVERS\MTConfig.sys [2009-07-13 12288]

R3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [2009-07-13 267264]

R3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys [2009-07-13 27136]

R3 nfrd960;nfrd960;c:\windows\system32\DRIVERS\nfrd960.sys [2009-07-14 44624]

R3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [2010-06-03 143752]

R3 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 PeerDistSvc;BranchCache;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 ql2300;ql2300;c:\windows\system32\DRIVERS\ql2300.sys [2009-07-14 1383488]

R3 ql40xx;ql40xx;c:\windows\system32\DRIVERS\ql40xx.sys [2009-07-14 106064]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-06-03 15872]

R3 s3cap;s3cap;c:\windows\system32\DRIVERS\vms3cap.sys [2009-07-13 5632]

R3 scfilter;Smart card PnP Class Filter Driver;c:\windows\system32\DRIVERS\scfilter.sys [2010-06-03 26624]

R3 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 SensrSvc;Adaptive Brightness;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 SessionEnv;Remote Desktop Configuration;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [2009-07-13 12288]

R3 SiSRaid4;SiSRaid4;c:\windows\system32\DRIVERS\sisraid4.sys [2009-07-14 77888]

R3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);c:\windows\system32\DRIVERS\smb.sys [2009-07-13 71168]

R3 sppuinotify;SPP Notification Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-19 90112]

R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-19 14976]

R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-19 121856]

R3 stexstor;stexstor;c:\windows\system32\DRIVERS\stexstor.sys [2009-07-14 21072]

R3 storvsc;storvsc;c:\windows\system32\drivers\storvsc.sys [2010-06-03 28032]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 TBS;TPM Base Services;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\DRIVERS\terminpt.sys [2010-06-03 25600]

R3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [2010-06-03 204800]

R3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [2010-06-03 31232]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-06-03 50048]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 UI0Detect;Interactive Services Detection;c:\windows\system32\UI0Detect.exe [2009-07-14 35840]

R3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys [2009-07-14 57424]

R3 UmRdpService;Remote Desktop Services UserMode Port Redirector;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\drivers\usbcir.sys [2009-07-13 86016]

R3 VaultSvc;Credential Manager;c:\windows\system32\lsass.exe [2009-07-14 22528]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 vhdmp;vhdmp;c:\windows\system32\drivers\vhdmp.sys [2010-06-03 159616]

R3 ViaC7;VIA C7 Processor Driver;c:\windows\system32\DRIVERS\viac7.sys [2009-07-13 52736]

R3 VMBusHID;VMBusHID;c:\windows\system32\DRIVERS\VMBusHID.sys [2009-07-13 17920]

R3 vsmraid;vsmraid;c:\windows\system32\DRIVERS\vsmraid.sys [2009-07-14 141904]

R3 vwifibus;Virtual WiFi Bus Driver;c:\windows\System32\drivers\vwifibus.sys [2009-07-13 19968]

R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys [2009-07-13 21632]

R3 wbengine;Block Level Backup Engine Service;c:\windows\system32\wbengine.exe [2009-07-14 1202688]

R3 WbioSrvc;Windows Biometric Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 Wd;Wd;c:\windows\system32\DRIVERS\wd.sys [2009-07-14 19024]

R3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 wercplsupport;Problem Reports and Solutions Control Panel Support;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 WIMMount;WIMMount;c:\windows\system32\drivers\wimmount.sys [2009-07-14 19008]

R3 WinRM;Windows Remote Management (WS-Management);c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 WwanSvc;WWAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 20992]

R4 Mcx2Svc;Media Center Extender Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

S0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys [2010-06-03 22408]

S0 CLFS;Common Log (CLFS);c:\windows\System32\CLFS.sys [2009-07-14 249408]

S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [2009-07-14 369568]

S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [2009-07-14 58448]

S0 fvevol;Bitlocker Drive Encryption Filter Driver;c:\windows\System32\DRIVERS\fvevol.sys [2010-06-03 194808]

S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [2010-06-03 14216]

S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [2009-07-14 133200]

S0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys [2009-07-14 13888]

S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [2009-07-14 43088]

S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [2010-06-03 173448]

S0 spldr;Security Processor Loader Driver; [x]

S0 storflt;Disk Virtual Machine Bus Acceleration Filter Driver;c:\windows\system32\drivers\vmstorfl.sys [2010-06-03 40712]

S0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\system32\drivers\vdrvroot.sys [2009-07-14 32832]

S0 vmbus;Virtual Machine Bus;c:\windows\system32\drivers\vmbus.sys [2010-06-03 176008]

S0 volmgr;Volume Manager Driver;c:\windows\system32\drivers\volmgr.sys [2010-06-03 53128]

S0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [2009-07-14 297040]

S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [2009-07-13 35328]

S1 CSC;Offline Files Driver;c:\windows\system32\drivers\csc.sys [2010-06-03 388096]

S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [2010-06-03 78336]

S1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [2009-07-13 32256]

S1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [2009-07-13 16896]

S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [2009-07-14 6656]

S1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys [2009-07-14 7168]

S1 tdx;NetIO Legacy TDI Support Driver;c:\windows\system32\DRIVERS\tdx.sys [2010-06-03 74240]

S1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\system32\DRIVERS\wanarp.sys [2010-06-03 63488]

S1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys [2009-07-13 9728]

S2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe [2009-07-14 20992]

S2 CscService;Offline Files;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-05-10 233472]

S2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe [2009-07-14 20992]

S2 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [2009-07-13 48128]

S2 luafv;UAC File Virtualization;c:\windows\system32\drivers\luafv.sys [2009-07-13 86528]

S2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe [2009-07-14 20992]

S2 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe [2009-07-14 20992]

S2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [2009-07-14 586752]

S2 Power;Power;c:\windows\system32\svchost.exe [2009-07-14 20992]

S2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

S2 RpcEptMapper;RPC Endpoint Mapper;c:\windows\system32\svchost.exe [2009-07-14 20992]

S2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2009-07-14 20992]

S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [2010-06-03 35328]

S2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2009-07-14 20992]

S3 Appinfo;Application Information;c:\windows\system32\svchost.exe [2009-07-14 20992]

S3 bowser;Browser Support Driver;c:\windows\system32\DRIVERS\bowser.sys [2009-07-13 69632]

S3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\system32\DRIVERS\CompositeBus.sys [2009-07-13 31232]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2009-06-01 21392]

S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [2010-06-03 728448]

S3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe [2009-07-14 20992]

S3 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe [2009-07-14 20992]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-05-10 36608]

S3 HomeGroupListener;HomeGroup Listener;c:\windows\System32\svchost.exe [2009-07-14 20992]

S3 HomeGroupProvider;HomeGroup Provider;c:\windows\System32\svchost.exe [2009-07-14 20992]

S3 KeyIso;CNG Key Isolation;c:\windows\system32\lsass.exe [2009-07-14 22528]

S3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\system32\DRIVERS\monitor.sys [2009-07-13 23552]

S3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\system32\drivers\mpsdrv.sys [2009-07-13 60416]

S3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [2010-06-03 222208]

S3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [2010-06-03 95744]

S3 netprofm;Network List Service;c:\windows\System32\svchost.exe [2009-07-14 20992]

S3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys [2009-07-13 49152]

S3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys [2009-07-14 18944]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]

S3 srv2;Server SMB 2.xxx Driver;c:\windows\system32\DRIVERS\srv2.sys [2010-06-03 307200]

S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [2010-06-03 113664]

S3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\system32\DRIVERS\tunnel.sys [2010-06-03 108544]

S3 umbus;UMBus Enumerator Driver;c:\windows\system32\drivers\umbus.sys [2010-06-03 39936]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-09-08 901120]

S3 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe [2009-07-14 20992]

S3 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe [2009-07-14 20992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

RPCSS REG_MULTI_SZ RpcEptMapper RpcSs

defragsvc REG_MULTI_SZ defragsvc

WerSvcGroup REG_MULTI_SZ wersvc

LocalServiceNoNetwork REG_MULTI_SZ DPS PLA BFE mpssvc WwanSvc

swprv REG_MULTI_SZ swprv

LocalServicePeerNet REG_MULTI_SZ PNRPSvc p2pimsvc p2psvc PnrpAutoReg

NetworkServiceAndNoImpersonation REG_MULTI_SZ KtmRm

regsvc REG_MULTI_SZ RemoteRegistry

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc

DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch

NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent

sdrsvc REG_MULTI_SZ sdrsvc

WbioSvcGroup REG_MULTI_SZ WbioSrvc

wcssvc REG_MULTI_SZ WcsPlugInService

AxInstSVGroup REG_MULTI_SZ AxInstSV

secsvcs REG_MULTI_SZ WinDefend

PeerDist REG_MULTI_SZ PeerDistSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

AeLookupSvc

CertPropSvc

SCPolicySvc

lanmanserver

gpsvc

IKEEXT

AudioSrv

FastUserSwitchingCompatibility

Nla

NWCWorkstation

SRService

Wmi

WmdmPmSp

TermService

wuauserv

BITS

ShellHWDetection

LogonHours

PCAudit

helpsvc

uploadmgr

iphlpsvc

seclogon

AppInfo

msiscsi

MMCSS

wercplsupport

EapHost

ProfSvc

schedule

hkmsvc

SessionEnv

winmgmt

browser

Themes

BDESVC

AppMgmt

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted

homegrouplistener

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

WdiServiceHost

sppuinotify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService

lanmanworkstation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted

BthHFSrv

homegroupprovider

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.ninemsn.com.au/

uInternet Settings,ProxyOverride = *.local

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-NPSStartup - (no file)

HKLM-Run-framework - framework.exe

SafeBoot-WudfPf

SafeBoot-WudfRd

SafeBoot-sacsvr

SafeBoot-vmms

MSConfigStartUp-DDS - c:\users\Evan\AppData\Roaming\Microsoft\svchost.exe

MSConfigStartUp-Driver Control Manager v2 - c:\users\Evan\AppData\Local\Temp\staklic.exe

MSConfigStartUp-Framework - c:\users\Evan\AppData\Local\Temp\dxdiag.exe

MSConfigStartUp-GodServices - c:\users\Evan\AppData\Local\Temp\godservices.exe

MSConfigStartUp-HKCU - c:\users\Evan\AppData\Roaming\install\Svchost.exe

MSConfigStartUp-Internet Security Service - c:\systemfiles\x-f-324553-12314-3344-1\ise32.exe

MSConfigStartUp-Microsoft - c:\users\Evan\AppData\Roaming\Microsoft\svchost.exe

MSConfigStartUp-Microsoft Protector - c:\users\Evan\AppData\Roaming\winlogon.exe

MSConfigStartUp-outbreak - c:\windows\outbreak.exe

MSConfigStartUp-StartServiceWKKBTRRS - c:\users\Evan\AppData\Local\WKKBTRRS\StartService.exe

MSConfigStartUp-Startup - c:\users\Evan\AppData\Roaming\Microsoft\svchost.exe

MSConfigStartUp-System RAID Manager - c:\users\Evan\AppData\Roaming\raid64.exe

MSConfigStartUp-WinDoS - c:\users\Evan\AppData\Roaming\WinDoS.exe

MSConfigStartUp-Windows Defense - c:\users\Evan\AppData\Roaming\winlogon.exe

MSConfigStartUp-Windows Firewall - c:\users\Evan\AppData\Local\Temp\svchost.exe

MSConfigStartUp-Windows Update - c:\users\Evan\AppData\Roaming\Microsoft\winupdate.exe

MSConfigStartUp-WinsysMon - c:\users\Evan\Desktop\Nero.v9.4.26.0.Ultra.Edition.Incl.KEYMAKER-NOTM\LiveUpdate.exe

MSConfigStartUp-XA5RJ9EADJ - c:\users\Evan\AppData\Local\Temp\Ezr.exe

MSConfigStartUp-YVIBBBHA8C - c:\users\Evan\AppData\Local\Temp\Ezq.exe

ActiveSetup-{FDEBDB3F-BD6F-FDF9-C2FC-DACABC0EFA2D} - c:\users\Evan\AppData\Local\Temp\msconfig.exe

AddRemove-{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0} - c:\program files\InstallShield Installation Information\{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}\setup.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-04 00:14

Windows 6.1.7601 Service Pack 1, v.178 NTFS

detected NTDLL code modification:

ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-04 00:14

Windows 6.1.7601 Service Pack 1, v.178 NTFS

detected NTDLL code modification:

ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-04 00:14

Windows 6.1.7601 Service Pack 1, v.178 NTFS

detected NTDLL code modification:

ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-04 00:14

Windows 6.1.7601 Service Pack 1, v.178 NTFS

detected NTDLL code modification:

ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-04 00:14

Windows 6.1.7601 Service Pack 1, v.178 NTFS

detected NTDLL code modification:

ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-04 00:14

Windows 6.1.7601 Service Pack 1, v.178 NTFS

detected NTDLL code modification:

ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-04 00:14

Windows 6.1.7601 Service Pack 1, v.178 NTFS

detected NTDLL code modification:

ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-04 00:14

Windows 6.1.7601 Service Pack 1, v.178 NTFS

detected NTDLL code modification:

ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-04 00:14

Windows 6.1.7601 Service Pack 1, v.178 NTFS

detected NTDLL code modification:

ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-04 00:14

Windows 6.1.7601 Service Pack 1, v.178 NTFS

detected NTDLL code modification:

ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-04 00:14

Windows 6.1.7601 Service Pack 1, v.178 NTFS

detected NTDLL code modification:

ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2818589939-313886579-481562505-1000\Software\SecuROM\License information*]

"datasecu"=hex:07,37,cc,61,5a,d0,52,78,34,12,c1,93,40,fc,db,dc,d4,0f,3a,a7,8c,

fe,10,76,76,c2,25,36,19,92,f5,3e,f9,62,17,ec,e0,f1,d1,89,5c,ab,c1,86,b9,78,\

"rkeysecu"=hex:d5,0a,79,73,61,f8,40,ae,45,cd,7f,f7,94,a1,ff,c8

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\system32\nvvsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

c:\windows\system32\AUDIODG.EXE

c:\windows\system32\DllHost.exe

.

**************************************************************************

.

Completion time: 2010-12-04 00:16:03 - machine was rebooted

ComboFix-quarantined-files.txt 2010-12-03 13:16

Pre-Run: 13,505,970,176 bytes free

Post-Run: 14,288,687,104 bytes free

- - End Of File - - 93875AD38FD444541307BF8D8B6CBA4F


Your system was severely infected. We still have some work to do as the malware is still present..... :D

Run CFScript

  • Close any open browsers.
  • Open Notepad by clicking Start
  • Click Run
  • Type notepad into the box and click enter
  • Notepad will open
  • Copy and Paste everything from the Code box into Notepad:

KILLALL::

NetSvc::
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
AppMgmt

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apple iPod Service]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON TX110 Series]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Packet Monitor]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StrokeIt]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

[screenshot: CFScriptB-4.gif]

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

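The orphan list in the ComboFix log above is what tells the helper the malware is still present: svchost.exe, winlogon.exe, msconfig.exe and dxdiag.exe are being launched from the user's AppData tree, where no genuine copy of those binaries ever lives. The triage below is an added example, not ComboFix's or the helper's code; it parses "ORPHANS REMOVED"-style lines and flags exactly that masquerading pattern, plus images in user-writable or non-standard directories and bare filenames resolved through the PATH search order. The sample lines are copied from the log above; the system-binary list and severity rules are this example's own assumptions.

```python
"""Triage ComboFix 'ORPHANS REMOVED' autostart entries for masquerading system binaries.

Added example for this thread (not ComboFix's own code). Lines look like
    MSConfigStartUp-DDS - c:\\users\\Evan\\AppData\\Roaming\\Microsoft\\svchost.exe
i.e. "<Kind>-<Name> - <image path>"; entries with no " - " (SafeBoot-*) carry no path.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional

# Assumption: Windows binaries that legitimately exist only under %SystemRoot%.
SYSTEM_BINARY_NAMES = {
    "svchost.exe", "winlogon.exe", "lsass.exe", "csrss.exe", "smss.exe",
    "explorer.exe", "taskhost.exe", "conhost.exe", "dxdiag.exe", "msconfig.exe",
}
SYSTEM_ROOT = "c:\\windows\\"
STANDARD_ROOTS = (SYSTEM_ROOT, "c:\\program files\\", "c:\\program files (x86)\\")
# Directory fragments any local user can write to (lower-cased comparison).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\", "\\programdata\\", "\\desktop\\")
# Record kinds that are uninstall/boot bookkeeping, not launch points.
NON_LAUNCH_KINDS = {"SafeBoot", "AddRemove"}


@dataclass
class Finding:
    entry: str                      # e.g. "MSConfigStartUp-DDS"
    path: str                       # image path exactly as logged
    severity: str                   # "high" (masquerading) or "medium"
    reasons: list[str] = field(default_factory=list)


def parse_orphan(line: str) -> Optional[tuple[str, str, str]]:
    """Split '<Kind>-<Name> - <path>' into (kind, name, path); None if no path is present."""
    entry, sep, path = line.strip().partition(" - ")
    if not sep or not path:
        return None
    kind, _, name = entry.partition("-")
    return kind, name, path


def assess(path: str) -> tuple[Optional[str], list[str]]:
    """Score one image path. Returns (severity or None, list of reasons)."""
    p = path.lower()
    reasons: list[str] = []
    if p == "(no file)":
        return None, reasons            # dead entry: nothing is launched
    basename = p.rsplit("\\", 1)[-1]
    if basename in SYSTEM_BINARY_NAMES and not p.startswith(SYSTEM_ROOT):
        reasons.append("system binary name outside %SystemRoot% (masquerading)")
    if any(marker in p for marker in USER_WRITABLE):
        reasons.append("autostart image in a user-writable directory")
    if "\\" in p and not p.startswith(STANDARD_ROOTS):
        reasons.append("image outside Windows and Program Files")
    if "\\" not in p:
        reasons.append("bare filename, resolved through the PATH search order")
    if not reasons:
        return None, reasons
    severity = "high" if any("masquerading" in r for r in reasons) else "medium"
    return severity, reasons


def triage(lines) -> list[Finding]:
    """Run assess() over every parseable orphan line, skipping non-launch record kinds."""
    findings: list[Finding] = []
    for line in lines:
        parsed = parse_orphan(line)
        if parsed is None:
            continue
        kind, name, path = parsed
        if kind in NON_LAUNCH_KINDS:
            continue
        severity, reasons = assess(path)
        if severity:
            findings.append(Finding(f"{kind}-{name}", path, severity, reasons))
    return findings


# Constructed sample: a subset of the orphan lines from the log above.
SAMPLE_ORPHANS = [
    "HKLM-Run-NPSStartup - (no file)",
    "HKLM-Run-framework - framework.exe",
    "SafeBoot-WudfPf",
    "MSConfigStartUp-DDS - c:\\users\\Evan\\AppData\\Roaming\\Microsoft\\svchost.exe",
    "MSConfigStartUp-Internet Security Service - c:\\systemfiles\\x-f-324553-12314-3344-1\\ise32.exe",
    "MSConfigStartUp-Microsoft Protector - c:\\users\\Evan\\AppData\\Roaming\\winlogon.exe",
    "MSConfigStartUp-Windows Firewall - c:\\users\\Evan\\AppData\\Local\\Temp\\svchost.exe",
    "ActiveSetup-{FDEBDB3F-BD6F-FDF9-C2FC-DACABC0EFA2D} - c:\\users\\Evan\\AppData\\Local\\Temp\\msconfig.exe",
    "AddRemove-{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0} - c:\\program files\\InstallShield Installation Information\\{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}\\setup.exe",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_ORPHANS):
        print(f"[{f.severity.upper():6}] {f.entry} -> {f.path}")
        for r in f.reasons:
            print(f"          - {r}")
```

Running the block against the sample prints four HIGH findings (the AppData copies of svchost.exe, winlogon.exe and msconfig.exe) and two MEDIUM ones (the bare framework.exe and the ise32.exe under c:\systemfiles), while the dead NPSStartup entry and the InstallShield uninstall record produce nothing.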

Cheers. New log.

ComboFix 10-12-02.05 - Evan 04/12/2010 0:52.2.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3327.2374 [GMT 11:00]

Running from: c:\users\Evan\Desktop\ComboFix.exe

Command switches used :: c:\users\Evan\Desktop\CFScript.txt

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_AppMgmt

((((((((((((((((((((((((( Files Created from 2010-11-03 to 2010-12-03 )))))))))))))))))))))))))))))))

.

2010-12-03 13:55 . 2010-12-03 13:55 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-12-03 13:06 . 2010-12-03 13:57 -------- d-----w- c:\users\Evan\AppData\Local\temp

2010-12-03 12:11 . 2010-12-03 12:11 388096 ----a-r- c:\users\Evan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-12-03 12:11 . 2010-12-03 12:11 -------- d-----w- c:\program files\Trend Micro

2010-12-03 11:08 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BFFD1FEE-B8BC-4517-9A47-9AF60BD2D77B}\mpengine.dll

2010-12-01 09:26 . 2009-07-14 01:16 90624 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LXKPTPRC.DLL

2010-11-16 16:45 . 2010-11-16 17:11 -------- d-----w- c:\users\Evan\AppData\Roaming\Mobipocket

2010-11-16 16:45 . 2010-11-16 16:45 -------- d-----w- c:\program files\Mobipocket.com

2010-11-13 06:21 . 2010-11-13 06:21 -------- d-----w- c:\users\Evan\AppData\Local\Activision

2010-11-13 06:21 . 2010-06-01 17:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll

2010-11-13 06:21 . 2010-06-01 17:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll

2010-11-13 06:21 . 2010-06-01 17:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll

2010-11-13 06:21 . 2010-05-26 00:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll

2010-11-13 06:21 . 2010-05-26 00:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll

2010-11-13 06:21 . 2010-05-26 00:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll

2010-11-13 06:21 . 2010-05-26 00:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll

2010-11-13 06:21 . 2010-05-26 00:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll

2010-11-13 06:01 . 2010-11-13 06:01 -------- d-----w- c:\program files\Activision

2010-11-06 00:37 . 2010-11-06 00:37 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-02 16:06 . 2010-10-20 12:15 59392 --sh--r- c:\users\Evan\AppData\Roaming\iTunes.exe

2010-11-29 06:42 . 2010-04-20 11:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-29 06:42 . 2010-04-20 11:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-18 23:41 . 2009-11-14 01:14 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-09-22 13:47 . 2010-09-22 13:47 49016 ----a-w- c:\windows\system32\sirenacm.dll

2010-09-22 13:32 . 2010-09-22 13:32 301936 ----a-w- c:\windows\WLXPGSS.SCR

2010-09-21 03:03 . 2010-09-21 03:03 208768 ----a-w- c:\windows\system32\LIVESSP.DLL

2010-09-14 17:50 . 2010-06-08 06:32 472808 ----a-w- c:\windows\system32\deployJava1.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]

@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"

[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]

2010-06-03 14:53 442368 ----a-w- c:\windows\System32\ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-06-01 1501064]

"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2008-09-16 16982016]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]

c:\users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

GIGABYTE Gamer HUD Lite.lnk - c:\program files\GIGABYTE\Gamer HUD Lite\HUD.exe [2009-6-30 1678848]

Rainmeter.exe - Shortcut.lnk - c:\program files\Rainmeter\Rainmeter.exe [2009-11-1 119296]

WordWeb Pro.lnk - c:\program files\WordWeb\wweb32.exe [2009-11-14 42176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

@="SecurityDevices"

[HKLM\~\startupfolder\C:^Users^Evan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

R2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\system32\drivers\1394ohci.sys [2010-06-03 164352]

R3 AcpiPmi;ACPI Power Meter Driver;c:\windows\system32\drivers\acpipmi.sys [2010-06-03 10240]

R3 adp94xx;adp94xx;c:\windows\system32\DRIVERS\adp94xx.sys [2009-07-14 422976]

R3 adpahci;adpahci;c:\windows\system32\DRIVERS\adpahci.sys [2009-07-14 297552]

R3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys [2010-06-03 80264]

R3 amdsbs;amdsbs;c:\windows\system32\DRIVERS\amdsbs.sys [2009-07-14 159312]

R3 AppID;AppID Driver;c:\windows\system32\drivers\appid.sys [2009-07-13 50176]

R3 AppIDSvc;Application Identity;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 arcsas;arcsas;c:\windows\system32\DRIVERS\arcsas.sys [2009-07-14 86608]

R3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\DRIVERS\bxvbdx.sys [2009-07-13 430080]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]

R3 BDESVC;BitLocker Drive Encryption Service;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\DRIVERS\BrFiltLo.sys [2009-07-13 13568]

R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\DRIVERS\BrFiltUp.sys [2009-07-13 5248]

R3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\Drivers\Brserid.sys [2009-07-14 272128]

R3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\Drivers\BrSerWdm.sys [2009-07-13 62336]

R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\Drivers\BrUsbMdm.sys [2009-07-13 12160]

R3 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 circlass;Consumer IR Devices;c:\windows\system32\DRIVERS\circlass.sys [2009-07-13 37888]

R3 defragsvc;Disk Defragmenter;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\DRIVERS\evbdx.sys [2009-07-13 3100160]

R3 elxstor;elxstor;c:\windows\system32\DRIVERS\elxstor.sys [2009-07-14 453712]

R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [2009-07-13 28160]

R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys [2009-07-14 46160]

R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [2009-07-13 26624]

R3 HpSAMD;HpSAMD;c:\windows\system32\DRIVERS\HpSAMD.sys [2009-07-14 67152]

R3 iaStorV;Intel RAID Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys [2010-06-03 332168]

R3 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys [2010-06-03 65536]

R3 iScsiPrt;iScsiPort Driver;c:\windows\system32\drivers\msiscsi.sys [2010-06-03 232840]

R3 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 LSI_FC;LSI_FC;c:\windows\system32\DRIVERS\lsi_fc.sys [2009-07-14 95824]

R3 LSI_SAS;LSI_SAS;c:\windows\system32\DRIVERS\lsi_sas.sys [2009-07-14 89168]

R3 LSI_SAS2;LSI_SAS2;c:\windows\system32\DRIVERS\lsi_sas2.sys [2009-07-14 54864]

R3 LSI_SCSI;LSI_SCSI;c:\windows\system32\DRIVERS\lsi_scsi.sys [2009-07-14 96848]

R3 megasas;megasas;c:\windows\system32\DRIVERS\megasas.sys [2009-07-14 30800]

R3 mpio;Microsoft Multi-Path Bus Driver;c:\windows\system32\drivers\mpio.sys [2010-06-03 130440]

R3 msahci;msahci;c:\windows\system32\drivers\msahci.sys [2010-06-03 28040]

R3 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\system32\drivers\msdsm.sys [2010-06-03 116104]

R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [2009-07-13 4096]

R3 MSiSCSI;Microsoft iSCSI Initiator Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 MsRPC;MsRPC; [x]

R3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\DRIVERS\MTConfig.sys [2009-07-13 12288]

R3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [2009-07-13 267264]

R3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys [2009-07-13 27136]

R3 nfrd960;nfrd960;c:\windows\system32\DRIVERS\nfrd960.sys [2009-07-14 44624]

R3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [2010-06-03 143752]

R3 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 PeerDistSvc;BranchCache;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 ql2300;ql2300;c:\windows\system32\DRIVERS\ql2300.sys [2009-07-14 1383488]

R3 ql40xx;ql40xx;c:\windows\system32\DRIVERS\ql40xx.sys [2009-07-14 106064]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-06-03 15872]

R3 s3cap;s3cap;c:\windows\system32\DRIVERS\vms3cap.sys [2009-07-13 5632]

R3 scfilter;Smart card PnP Class Filter Driver;c:\windows\system32\DRIVERS\scfilter.sys [2010-06-03 26624]

R3 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 SensrSvc;Adaptive Brightness;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 SessionEnv;Remote Desktop Configuration;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [2009-07-13 12288]

R3 SiSRaid4;SiSRaid4;c:\windows\system32\DRIVERS\sisraid4.sys [2009-07-14 77888]

R3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);c:\windows\system32\DRIVERS\smb.sys [2009-07-13 71168]

R3 sppuinotify;SPP Notification Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-19 90112]

R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-19 14976]

R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-19 121856]

R3 stexstor;stexstor;c:\windows\system32\DRIVERS\stexstor.sys [2009-07-14 21072]

R3 storvsc;storvsc;c:\windows\system32\drivers\storvsc.sys [2010-06-03 28032]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 TBS;TPM Base Services;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\DRIVERS\terminpt.sys [2010-06-03 25600]

R3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [2010-06-03 204800]

R3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [2010-06-03 31232]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-06-03 50048]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 UI0Detect;Interactive Services Detection;c:\windows\system32\UI0Detect.exe [2009-07-14 35840]

R3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys [2009-07-14 57424]

R3 UmRdpService;Remote Desktop Services UserMode Port Redirector;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\drivers\usbcir.sys [2009-07-13 86016]

R3 VaultSvc;Credential Manager;c:\windows\system32\lsass.exe [2009-07-14 22528]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 vhdmp;vhdmp;c:\windows\system32\drivers\vhdmp.sys [2010-06-03 159616]

R3 ViaC7;VIA C7 Processor Driver;c:\windows\system32\DRIVERS\viac7.sys [2009-07-13 52736]

R3 VMBusHID;VMBusHID;c:\windows\system32\DRIVERS\VMBusHID.sys [2009-07-13 17920]

R3 vsmraid;vsmraid;c:\windows\system32\DRIVERS\vsmraid.sys [2009-07-14 141904]

R3 vwifibus;Virtual WiFi Bus Driver;c:\windows\System32\drivers\vwifibus.sys [2009-07-13 19968]

R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys [2009-07-13 21632]

R3 wbengine;Block Level Backup Engine Service;c:\windows\system32\wbengine.exe [2009-07-14 1202688]

R3 WbioSrvc;Windows Biometric Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 Wd;Wd;c:\windows\system32\DRIVERS\wd.sys [2009-07-14 19024]

R3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 wercplsupport;Problem Reports and Solutions Control Panel Support;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 WIMMount;WIMMount;c:\windows\system32\drivers\wimmount.sys [2009-07-14 19008]

R3 WinRM;Windows Remote Management (WS-Management);c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 WwanSvc;WWAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 20992]

R4 Mcx2Svc;Media Center Extender Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

S0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys [2010-06-03 22408]

S0 CLFS;Common Log (CLFS);c:\windows\System32\CLFS.sys [2009-07-14 249408]

S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [2009-07-14 369568]

S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [2009-07-14 58448]

S0 fvevol;Bitlocker Drive Encryption Filter Driver;c:\windows\System32\DRIVERS\fvevol.sys [2010-06-03 194808]

S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [2010-06-03 14216]

S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [2009-07-14 133200]

S0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys [2009-07-14 13888]

S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [2009-07-14 43088]

S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [2010-06-03 173448]

S0 spldr;Security Processor Loader Driver; [x]

S0 storflt;Disk Virtual Machine Bus Acceleration Filter Driver;c:\windows\system32\drivers\vmstorfl.sys [2010-06-03 40712]

S0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\system32\drivers\vdrvroot.sys [2009-07-14 32832]

S0 vmbus;Virtual Machine Bus;c:\windows\system32\drivers\vmbus.sys [2010-06-03 176008]

S0 volmgr;Volume Manager Driver;c:\windows\system32\drivers\volmgr.sys [2010-06-03 53128]

S0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [2009-07-14 297040]

S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [2009-07-13 35328]

S1 CSC;Offline Files Driver;c:\windows\system32\drivers\csc.sys [2010-06-03 388096]

S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [2010-06-03 78336]

S1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [2009-07-13 32256]

S1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [2009-07-13 16896]

S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [2009-07-14 6656]

S1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys [2009-07-14 7168]

S1 tdx;NetIO Legacy TDI Support Driver;c:\windows\system32\DRIVERS\tdx.sys [2010-06-03 74240]

S1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\system32\DRIVERS\wanarp.sys [2010-06-03 63488]

S1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys [2009-07-13 9728]

S2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe [2009-07-14 20992]

S2 CscService;Offline Files;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-05-10 233472]

S2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe [2009-07-14 20992]

S2 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [2009-07-13 48128]

S2 luafv;UAC File Virtualization;c:\windows\system32\drivers\luafv.sys [2009-07-13 86528]

S2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe [2009-07-14 20992]

S2 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe [2009-07-14 20992]

S2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [2009-07-14 586752]

S2 Power;Power;c:\windows\system32\svchost.exe [2009-07-14 20992]

S2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

S2 RpcEptMapper;RPC Endpoint Mapper;c:\windows\system32\svchost.exe [2009-07-14 20992]

S2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe [2010-06-03 3179520]

S2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2009-07-14 20992]

S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [2010-06-03 35328]

S2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe [2009-07-14 20992]

S3 Appinfo;Application Information;c:\windows\system32\svchost.exe [2009-07-14 20992]

S3 bowser;Browser Support Driver;c:\windows\system32\DRIVERS\bowser.sys [2009-07-13 69632]

S3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\system32\DRIVERS\CompositeBus.sys [2009-07-13 31232]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2009-06-01 21392]

S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [2010-06-03 728448]

S3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe [2009-07-14 20992]

S3 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe [2009-07-14 20992]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-05-10 36608]

S3 HomeGroupListener;HomeGroup Listener;c:\windows\System32\svchost.exe [2009-07-14 20992]

S3 HomeGroupProvider;HomeGroup Provider;c:\windows\System32\svchost.exe [2009-07-14 20992]

S3 KeyIso;CNG Key Isolation;c:\windows\system32\lsass.exe [2009-07-14 22528]

S3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\system32\DRIVERS\monitor.sys [2009-07-13 23552]

S3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\system32\drivers\mpsdrv.sys [2009-07-13 60416]

S3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [2010-06-03 222208]

S3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [2010-06-03 95744]

S3 netprofm;Network List Service;c:\windows\System32\svchost.exe [2009-07-14 20992]

S3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys [2009-07-13 49152]

S3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys [2009-07-14 18944]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]

S3 srv2;Server SMB 2.xxx Driver;c:\windows\system32\DRIVERS\srv2.sys [2010-06-03 307200]

S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [2010-06-03 113664]

S3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\system32\DRIVERS\tunnel.sys [2010-06-03 108544]

S3 umbus;UMBus Enumerator Driver;c:\windows\system32\drivers\umbus.sys [2010-06-03 39936]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-09-08 901120]

S3 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe [2009-07-14 20992]

S3 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe [2009-07-14 20992]

S3 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - FSUSBEXDISK

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

RPCSS REG_MULTI_SZ RpcEptMapper RpcSs

defragsvc REG_MULTI_SZ defragsvc

WerSvcGroup REG_MULTI_SZ wersvc

LocalServiceNoNetwork REG_MULTI_SZ DPS PLA BFE mpssvc WwanSvc

swprv REG_MULTI_SZ swprv

LocalServicePeerNet REG_MULTI_SZ PNRPSvc p2pimsvc p2psvc PnrpAutoReg

NetworkServiceAndNoImpersonation REG_MULTI_SZ KtmRm

regsvc REG_MULTI_SZ RemoteRegistry

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc

DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch

NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent

sdrsvc REG_MULTI_SZ sdrsvc

WbioSvcGroup REG_MULTI_SZ WbioSrvc

wcssvc REG_MULTI_SZ WcsPlugInService

AxInstSVGroup REG_MULTI_SZ AxInstSV

secsvcs REG_MULTI_SZ WinDefend

PeerDist REG_MULTI_SZ PeerDistSvc

NETSVCS REQUIRES REPAIRS - current entries shown

Ias

Irmon

Ntmssvc

Nwsapagent

Rasauto

Rasman

Remoteaccess

SENS

Sharedaccess

Tapisrv

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted

homegrouplistener

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

WdiServiceHost

sppuinotify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService

lanmanworkstation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted

BthHFSrv

homegroupprovider

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.ninemsn.com.au/

uInternet Settings,ProxyOverride = *.local

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-04 00:57

Windows 6.1.7601 Service Pack 1, v.178 NTFS

detected NTDLL code modification:

ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-04 00:57

Windows 6.1.7601 Service Pack 1, v.178 NTFS

detected NTDLL code modification:

ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-04 00:57

Windows 6.1.7601 Service Pack 1, v.178 NTFS

detected NTDLL code modification:

ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-04 00:57

Windows 6.1.7601 Service Pack 1, v.178 NTFS

detected NTDLL code modification:

ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-04 00:57

Windows 6.1.7601 Service Pack 1, v.178 NTFS

detected NTDLL code modification:

ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2818589939-313886579-481562505-1000\Software\SecuROM\License information*]

"datasecu"=hex:07,37,cc,61,5a,d0,52,78,34,12,c1,93,40,fc,db,dc,d4,0f,3a,a7,8c,

fe,10,76,76,c2,25,36,19,92,f5,3e,f9,62,17,ec,e0,f1,d1,89,5c,ab,c1,86,b9,78,\

"rkeysecu"=hex:d5,0a,79,73,61,f8,40,ae,45,cd,7f,f7,94,a1,ff,c8

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\system32\AUDIODG.EXE

c:\windows\system32\nvvsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\DllHost.exe

.

**************************************************************************

.

Completion time: 2010-12-04 00:59:18 - machine was rebooted

ComboFix-quarantined-files.txt 2010-12-03 13:59

ComboFix2.txt 2010-12-03 13:16

Pre-Run: 14,322,110,464 bytes free

Post-Run: 14,011,912,192 bytes free

- - End Of File - - A05D838CB57422A0FD48D48FB7033356


The Net Services alarms could simply be due to restrictions placed on this computer. Is this a business PC?

Update Run Malwarebytes

  • Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


Whoa! Whoa! Dude, something went seriously wrong. I'm on my brother's laptop right now.

I ran the MBAM scan as you asked. It found 1 infection in the appdata/temp directory if I remember correctly. Everything went wrong after rebooting. The log-on screen was stuck on 'preparing desktop' for quite a bit. When the desktop did load, an error message popped up:

C:\Windows\system32\config\systemprofile\Desktop is not accessible

Access is denied.

I tried rebooting again, to no avail. The Windows 7 taskbar has been replaced with the classic version. The desktop icons are gone. And most executable files won't run. I can still, however, access files on my HDD (not the ones on the desktop though).

I tried to run MBAM, but it won't load. The error message says 'The dependency service or group failed to start'. I tried to take a screenshot, but nothing on mspaint will save - it says 'Location is denied' every time I try.

The internet connection seems to be fine. Opera won't load. IE loads and gets stuck on the homepage.

:D

What am I supposed to do now? Also, it's a home PC, not a business one.


CF shows some modifications. I want to look at a scan for now. Reboot your PC and try to run this scan

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

**Note**

To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Note: Kaspersky does not remove anything but will provide a log of anything it finds. So, we can remove it with another tool. Kaspersky is very thorough at finding infections and it takes a while to run. You might want to grab your favorite beverage... :-)


Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Now use your arrow keys to move to "Last Known Good Configuration" and press your Enter key. This will enable the system to go back to a date before you had this problem. We might need to download ComboFix again as before. But just post a HijackThis log for now. And let me know if this worked.


On the PC you're going to use, and the flash drive that is going to be used on the clean computer. No need to spread any malware. Download the following with your flash drive plugged into the drive of the clean PC:

Make sure you plug in all your removable devices, otherwise you could spread this infection into another computer.

Flash Drive Disinfector

Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.

  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.

Next

Download ComboFix again, let it replace the other one, and run it as before... Be sure to save the log. Post it here please.

Also, print out or save these instructions into Notepad on a flash drive (so you can see how to run the tools). If you can't save it to the desktop of the infected computer, you can run it right off of the flash drive.


Oh wait. Hold on.

I clicked 'Repair Windows' at the safe mode prompt and managed to restore the system to previous settings. It seems to have done the job. We're back to square one I guess.

This is the current HJT log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 5:24:14 AM, on 4/12/2010

Platform: Windows 7 SP1, v.178 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.16562)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\GIGABYTE\Gamer HUD Lite\HUD.exe

C:\Program Files\Rainmeter\Rainmeter.exe

C:\Program Files\WordWeb\wweb32.exe

C:\Windows\framework.exe

C:\Users\Evan\AppData\Local\temp\msconfig.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r

O4 - HKLM\..\Run: [framework] framework.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [msconfig] C:\Users\Evan\AppData\Local\Temp\msconfig.exe

O4 - HKCU\..\Run: [Apple iPod Service] C:\Users\Evan\AppData\Roaming\iTunes.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: GIGABYTE Gamer HUD Lite.lnk = C:\Program Files\GIGABYTE\Gamer HUD Lite\HUD.exe

O4 - Startup: Rainmeter.exe - Shortcut.lnk = C:\Program Files\Rainmeter\Rainmeter.exe

O4 - Startup: WordWeb Pro.lnk = C:\Program Files\WordWeb\wweb32.exe

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://service.futuremark.com/gom/receiver/tc/FMSI.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 7412 bytes


The Kaspersky updates are giving me a lot of trouble. The download took its sweet time (around a couple of hours for only 100 MB :( ), and now it says the update failed because the Internet connection was inconsistent. :)

I refreshed and tried again. Now it won't even attempt to start updating - I just keep getting the 'inconsistent' error.

Is there alternative software I can try? Oh, and obviously the redirecting problem's back after the system restore - should I run ComboFix (without your CFScript) to fix it up again?


ESET will work.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You may, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here, then click on the button shown (EOLS1.gif).
  • Select the option YES, I accept the Terms of Use, then click on the button shown (EOLS2.gif).
  • When prompted, allow the Add-On/ActiveX control to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on the button shown (EOLS3.gif).
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan; otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on the button shown (EOLS4.gif).
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


ESET log:

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\56a12ea4-766692f8 multiple threats

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\1c0702e6-7dd75de1 probably a variant of Win32/Agent.FXHNPDJ trojan

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\25b32d04-78122087 probably a variant of Win32/Agent.FXHNPDJ trojan

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\15467029-6ee724b4 probably a variant of Win32/Agent.FXHNPDJ trojan

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\2b8379a9-27f04b56 probably a variant of Win32/Agent.FXHNPDJ trojan

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\6c959aab-2ea1f28e multiple threats

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\739d2831-518d9c2a probably a variant of Win32/Agent.FXHNPDJ trojan

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\74d2e8f2-2ab473fc a variant of Java/TrojanDownloader.OpenStream.NAU trojan

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\57e27139-10ff6385 a variant of Java/TrojanDownloader.OpenStream.NAU trojan

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\6b535139-4390f394 Java/TrojanDownloader.Agent.NBB trojan

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\1df965c9-3df06b51 multiple threats

C:\Users\Evan\AppData\Roaming\awqyfeb.exe Win32/Oficla.HW trojan

C:\Users\Evan\AppData\Roaming\dphmosj.exe Win32/Oficla.HW trojan

C:\Users\Evan\AppData\Roaming\dtrspqj.exe Win32/Dewnad.AK worm

C:\Users\Evan\AppData\Roaming\dzoiakq.exe a variant of Win32/Injector.DAL trojan

C:\Users\Evan\AppData\Roaming\ejeifad.exe Win32/Oficla.HW trojan

C:\Users\Evan\AppData\Roaming\eumglcu.exe a variant of Win32/Injector.CNY trojan

C:\Users\Evan\AppData\Roaming\fncdtqe.exe Win32/Oficla.HW trojan

C:\Users\Evan\AppData\Roaming\fqkenby.exe a variant of Win32/Injector.CHV trojan

C:\Users\Evan\AppData\Roaming\ftocyye.exe a variant of Win32/Injector.CHV trojan

C:\Users\Evan\AppData\Roaming\gibmfis.exe Win32/Oficla.HW trojan

C:\Users\Evan\AppData\Roaming\gpufpcc.exe a variant of Win32/Injector.CLJ trojan

C:\Users\Evan\AppData\Roaming\gxaltrj.exe Win32/Oficla.HW trojan

C:\Users\Evan\AppData\Roaming\hpnjbyj.exe a variant of Win32/Injector.CHV trojan

C:\Users\Evan\AppData\Roaming\hqqwuct.exe a variant of MSIL/Agent.NCX trojan

C:\Users\Evan\AppData\Roaming\hthpxiy.exe a variant of Win32/Injector.CHV trojan

C:\Users\Evan\AppData\Roaming\hyecael.exe a variant of Win32/Injector.CHV trojan

C:\Users\Evan\AppData\Roaming\icbuxha.exe a variant of Win32/Injector.DAL trojan

C:\Users\Evan\AppData\Roaming\icnsmhy.exe Win32/Oficla.HW trojan

C:\Users\Evan\AppData\Roaming\iovzqpb.exe Win32/Oficla.HW trojan

C:\Users\Evan\AppData\Roaming\iswztnt.exe Win32/Oficla.HW trojan

C:\Users\Evan\AppData\Roaming\jdqetzt.exe Win32/Oficla.HW trojan

C:\Users\Evan\AppData\Roaming\jflldmo.exe a variant of Win32/Injector.DAL trojan

C:\Users\Evan\AppData\Roaming\jktulqc.exe Win32/Dewnad.AK worm

C:\Users\Evan\AppData\Roaming\jlffmtc.exe Win32/Oficla.HW trojan

C:\Users\Evan\AppData\Roaming\jmkfrya.exe a variant of Win32/Injector.CFX trojan

C:\Users\Evan\AppData\Roaming\mgnrzzq.exe a variant of Win32/Injector.DAL trojan

C:\Users\Evan\AppData\Roaming\mrvphbz.exe a variant of Win32/Injector.DAL trojan

C:\Users\Evan\AppData\Roaming\mycomputp.dll Win32/Agent.RMC trojan

C:\Users\Evan\AppData\Roaming\nrvtymn.exe a variant of Win32/Injector.CHV trojan

C:\Users\Evan\AppData\Roaming\nuotiem.exe Win32/Oficla.HW trojan

C:\Users\Evan\AppData\Roaming\ovujbzz.exe Win32/Oficla.HW trojan

C:\Users\Evan\AppData\Roaming\packet.exe a variant of Win32/Injector.DAL trojan

C:\Users\Evan\AppData\Roaming\pfiekwq.exe probably a variant of Win32/AutoRun.IRCBot.FC worm

C:\Users\Evan\AppData\Roaming\qjgskpq.exe a variant of Win32/Injector.DAL trojan

C:\Users\Evan\AppData\Roaming\qmphdby.exe probably unknown NewHeur_PE virus

C:\Users\Evan\AppData\Roaming\quscblv.exe Win32/Oficla.HW trojan

C:\Users\Evan\AppData\Roaming\raid64.exe a variant of Win32/Injector.CHV trojan

C:\Users\Evan\AppData\Roaming\rgyumdx.exe a variant of Win32/Injector.CLJ trojan

C:\Users\Evan\AppData\Roaming\rrhflfq.exe Win32/Oficla.HW trojan

C:\Users\Evan\AppData\Roaming\shtgurs.exe a variant of Win32/Injector.DAL trojan

C:\Users\Evan\AppData\Roaming\sijvkve.exe Win32/Oficla.HW trojan

C:\Users\Evan\AppData\Roaming\tacwijc.exe Win32/Oficla.HW trojan

C:\Users\Evan\AppData\Roaming\tlwkvcl.exe a variant of Win32/Injector.DAL trojan

C:\Users\Evan\AppData\Roaming\trpjyqb.exe a variant of Win32/Injector.CHV trojan

C:\Users\Evan\AppData\Roaming\uigljis.exe a variant of Win32/Injector.CHV trojan

C:\Users\Evan\AppData\Roaming\uritwwj.exe Win32/Oficla.HW trojan

C:\Users\Evan\AppData\Roaming\vckypiz.exe Win32/Oficla.HW trojan

C:\Users\Evan\AppData\Roaming\vhmnzzq.exe Win32/Oficla.HW trojan

C:\Users\Evan\AppData\Roaming\vhuhykr.exe a variant of Win32/Injector.CHV trojan

C:\Users\Evan\AppData\Roaming\vwvbwzl.exe a variant of Win32/Injector.DAL trojan

C:\Users\Evan\AppData\Roaming\xlsyxge.exe Win32/AutoRun.IRCBot.CX worm

C:\Users\Evan\AppData\Roaming\ycwwfnz.exe a variant of Win32/Injector.DAL trojan

C:\Users\Evan\AppData\Roaming\ysybmyz.exe a variant of Win32/Injector.CHV trojan

C:\Users\Evan\AppData\Roaming\zlyqlpy.exe Win32/Oficla.HW trojan

C:\Users\Evan\AppData\Roaming\zrzysia.exe Win32/Oficla.HW trojan

C:\Users\Evan\AppData\Roaming\Microsoft\Crypted.exe a variant of Win32/Injector.CUA trojan

C:\Users\Evan\AppData\Roaming\Microsoft\eraseme.exe probably a variant of Win32/Injector.AXP trojan

C:\Users\Evan\AppData\Roaming\Microsoft\metus.exe Win32/Dewnad.AM worm

C:\Users\Evan\AppData\Roaming\Microsoft\newcrypt.exe a variant of Win32/Injector.CTL trojan

C:\Users\Evan\AppData\Roaming\Microsoft\Run.exe probably a variant of MSIL/Injector.I trojan

C:\Users\Evan\AppData\Roaming\Microsoft\wglkjwelgke.exe probably a variant of Win32/IRCBot.DRVMJMG trojan

C:\Users\Public\Documents\Server\hlp.dat Win32/Bamital.DZ trojan

C:\Windows\explorer.exe Win32/Bamital.EL trojan

C:\Windows\framework.exe probably a variant of Win32/Injector.CRM trojan

C:\Windows\System32\wininit.exe Win32/Bamital.EL trojan

D:\Svchost.exe a variant of Win32/Injector.CUA trojan


  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double-click on combofix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    cfRC_screen_1.png
    The Windows Recovery Console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    cfRC_screen_2.png
    Click on Yes to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply.
    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------


ComboFix 10-12-03.03 - Evan 05/12/2010 0:21.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3327.2541 [GMT 11:00]

Running from: c:\users\Evan\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Evan\AppData\Roaming\aladumu.exe

c:\users\Evan\AppData\Roaming\ddlovii.exe

c:\users\Evan\AppData\Roaming\dtrspqj.exe

c:\users\Evan\AppData\Roaming\eehzkak.exe

c:\users\Evan\AppData\Roaming\ejeifad.exe

c:\users\Evan\AppData\Roaming\eumglcu.exe

c:\users\Evan\AppData\Roaming\fkfivbs.exe

c:\users\Evan\AppData\Roaming\gpufpcc.exe

c:\users\Evan\AppData\Roaming\gxaltrj.exe

c:\users\Evan\AppData\Roaming\hqqwuct.exe

c:\users\Evan\AppData\Roaming\icnsmhy.exe

c:\users\Evan\AppData\Roaming\jjwepwp.exe

c:\users\Evan\AppData\Roaming\jktulqc.exe

c:\users\Evan\AppData\Roaming\jlffmtc.exe

c:\users\Evan\AppData\Roaming\jmkfrya.exe

c:\users\Evan\AppData\Roaming\jvmaatn.exe

c:\users\Evan\AppData\Roaming\khwqjbc.exe

c:\users\Evan\AppData\Roaming\Microsoft\Crypted.exe

c:\users\Evan\AppData\Roaming\Microsoft\eraseme.exe

c:\users\Evan\AppData\Roaming\Microsoft\metus.exe

c:\users\Evan\AppData\Roaming\Microsoft\newcrypt.exe

c:\users\Evan\AppData\Roaming\Microsoft\Run.exe

c:\users\Evan\AppData\Roaming\Microsoft\wglkjwelgke.exe

c:\users\Evan\AppData\Roaming\pfiekwq.exe

c:\users\Evan\AppData\Roaming\ptibrrh.exe

c:\users\Evan\AppData\Roaming\qmphdby.exe

c:\users\Evan\AppData\Roaming\raid64.exe

c:\users\Evan\AppData\Roaming\rgyumdx.exe

c:\users\Evan\AppData\Roaming\sijvkve.exe

c:\users\Evan\AppData\Roaming\tacwijc.exe

c:\users\Evan\AppData\Roaming\tahjmdr.exe

c:\users\Evan\AppData\Roaming\uritwwj.exe

c:\users\Evan\AppData\Roaming\wydfbon.exe

c:\users\Evan\AppData\Roaming\wznaqna.exe

c:\users\Evan\AppData\Roaming\xlsyxge.exe

c:\users\Evan\AppData\Roaming\xuxqnoh.exe

c:\users\Evan\AppData\Roaming\zqbfyik.exe

c:\users\Evan\AppData\Roaming\zrzysia.exe

c:\windows\framework.exe

Infected copy of c:\windows\explorer.exe was found and disinfected

Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.16562_none_53841795d828c730\explorer.exe

Infected copy of c:\windows\System32\wininit.exe was found and disinfected

Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

Infected copy of c:\windows\explorer.exe was found and disinfected

Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.16562_none_53841795d828c730\explorer.exe

.

((((((((((((((((((((((((( Files Created from 2010-11-04 to 2010-12-04 )))))))))))))))))))))))))))))))

.

2010-12-04 13:25 . 2010-12-04 13:27 -------- d-----w- c:\users\Evan\AppData\Local\temp

2010-12-04 13:25 . 2010-12-04 13:25 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-12-03 20:53 . 2010-12-03 20:53 -------- d-----w- c:\program files\Common Files\Java

2010-12-03 20:53 . 2010-12-03 20:53 -------- d-----w- c:\program files\Java

2010-12-03 18:22 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CEF266C6-F3E1-4AE8-B172-276EE4CB8BF8}\mpengine.dll

2010-12-03 18:21 . 2010-12-03 18:21 388096 ----a-r- c:\users\Evan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-12-03 18:10 . 2010-12-03 18:10 -------- d-----w- c:\windows\system32\%LocalAppData%

2010-12-03 12:11 . 2010-12-03 12:11 -------- d-----w- c:\program files\Trend Micro

2010-12-01 09:26 . 2009-07-14 01:16 90624 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LXKPTPRC.DLL

2010-11-16 16:45 . 2010-11-16 17:11 -------- d-----w- c:\users\Evan\AppData\Roaming\Mobipocket

2010-11-16 16:45 . 2010-11-16 16:45 -------- d-----w- c:\program files\Mobipocket.com

2010-11-13 06:21 . 2010-11-13 06:21 -------- d-----w- c:\users\Evan\AppData\Local\Activision

2010-11-13 06:21 . 2010-06-01 17:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll

2010-11-13 06:21 . 2010-06-01 17:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll

2010-11-13 06:21 . 2010-06-01 17:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll

2010-11-13 06:21 . 2010-05-26 00:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll

2010-11-13 06:21 . 2010-05-26 00:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll

2010-11-13 06:21 . 2010-05-26 00:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll

2010-11-13 06:21 . 2010-05-26 00:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll

2010-11-13 06:21 . 2010-05-26 00:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll

2010-11-13 06:01 . 2010-11-13 06:01 -------- d-----w- c:\program files\Activision

2010-11-06 00:37 . 2010-11-06 00:37 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-03 20:53 . 2010-06-08 06:32 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-10-18 23:41 . 2009-11-14 01:14 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-09-22 13:47 . 2010-09-22 13:47 49016 ----a-w- c:\windows\system32\sirenacm.dll

2010-09-22 13:32 . 2010-09-22 13:32 301936 ----a-w- c:\windows\WLXPGSS.SCR

2010-09-21 03:03 . 2010-09-21 03:03 208768 ----a-w- c:\windows\system32\LIVESSP.DLL

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]

@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"

[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]

2010-06-03 14:53 442368 ----a-w- c:\windows\System32\ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-06-01 1501064]

"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2008-09-16 16982016]

"NPSStartup"="" [bU]

"framework"="framework.exe" [bU]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

GIGABYTE Gamer HUD Lite.lnk - c:\program files\GIGABYTE\Gamer HUD Lite\HUD.exe [2009-6-30 1678848]

Rainmeter.exe - Shortcut.lnk - c:\program files\Rainmeter\Rainmeter.exe [2009-11-1 119296]

WordWeb Pro.lnk - c:\program files\WordWeb\wweb32.exe [2009-11-14 42176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

@="SecurityDevices"

[HKLM\~\startupfolder\C:^Users^Evan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-20 12:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-09-22 17:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]

2009-05-12 23:22 102400 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDS]

c:\users\Evan\AppData\Roaming\Microsoft\svchost.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Driver Control Manager v2.2]

c:\users\Evan\AppData\Local\Temp\staklic.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]

2008-07-22 01:34 2772992 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]

2009-04-06 23:13 673616 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON TX110 Series]

2008-09-25 20:00 199680 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIFBP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Framework]

c:\users\Evan\AppData\Local\Temp\dxdiag.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GodServices]

c:\users\Evan\AppData\Local\Temp\godservices.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 01:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKCU]

c:\users\Evan\AppData\Roaming\install\Svchost.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

2009-06-01 02:51 1468296 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Security Service]

c:\systemfiles\x-f-324553-12314-3344-1\ise32.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-11-12 05:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]

2010-04-29 05:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft]

c:\users\Evan\AppData\Roaming\Microsoft\svchost.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Protector]

c:\users\Evan\AppData\Roaming\winlogon.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-09-22 13:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 00:50 155648 ----a-w- c:\windows\System32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Packet Monitor]

2010-07-22 16:33 266240 ----a-w- c:\users\Evan\AppData\Roaming\packet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outbreak.exe]

c:\windows\outbreak.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

2009-11-09 03:17 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-10 12:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

2010-06-03 14:51 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartServiceWKKBTRRS]

c:\users\Evan\AppData\Local\WKKBTRRS\StartService.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Startup]

c:\users\Evan\AppData\Roaming\Microsoft\svchost.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StrokeIt]

2009-06-16 17:52 24712 ----a-w- c:\program files\TCB Networks\StrokeIt\strokeit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System RAID Manager]

c:\users\Evan\AppData\Roaming\raid64.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDoS]

c:\users\Evan\AppData\Roaming\WinDoS.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defense]

c:\users\Evan\AppData\Roaming\winlogon.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Firewall]

c:\users\Evan\AppData\Local\Temp\svchost.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update]

c:\users\Evan\AppData\Roaming\Microsoft\winupdate.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinsysMon]

c:\users\Evan\Desktop\Nero.v9.4.26.0.Ultra.Edition.Incl.KEYMAKER-NOTM\LiveUpdate.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XA5RJ9EADJ]

c:\users\Evan\AppData\Local\Temp\Ezr.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YVIBBBHA8C]

c:\users\Evan\AppData\Local\Temp\Ezq.exe [bU]

R2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\system32\drivers\1394ohci.sys [2010-06-03 164352]

R3 AcpiPmi;ACPI Power Meter Driver;c:\windows\system32\drivers\acpipmi.sys [2010-06-03 10240]

R3 adp94xx;adp94xx;c:\windows\system32\DRIVERS\adp94xx.sys [2009-07-14 422976]

R3 adpahci;adpahci;c:\windows\system32\DRIVERS\adpahci.sys [2009-07-14 297552]

R3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys [2010-06-03 80264]

R3 amdsbs;amdsbs;c:\windows\system32\DRIVERS\amdsbs.sys [2009-07-14 159312]

R3 AppID;AppID Driver;c:\windows\system32\drivers\appid.sys [2009-07-13 50176]

R3 AppIDSvc;Application Identity;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 arcsas;arcsas;c:\windows\system32\DRIVERS\arcsas.sys [2009-07-14 86608]

R3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\DRIVERS\bxvbdx.sys [2009-07-13 430080]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]

R3 BDESVC;BitLocker Drive Encryption Service;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\DRIVERS\BrFiltLo.sys [2009-07-13 13568]

R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\DRIVERS\BrFiltUp.sys [2009-07-13 5248]

R3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\Drivers\Brserid.sys [2009-07-14 272128]

R3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\Drivers\BrSerWdm.sys [2009-07-13 62336]

R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\Drivers\BrUsbMdm.sys [2009-07-13 12160]

R3 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 circlass;Consumer IR Devices;c:\windows\system32\DRIVERS\circlass.sys [2009-07-13 37888]

R3 defragsvc;Disk Defragmenter;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\DRIVERS\evbdx.sys [2009-07-13 3100160]

R3 elxstor;elxstor;c:\windows\system32\DRIVERS\elxstor.sys [2009-07-14 453712]

R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [2009-07-13 28160]

R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys [2009-07-14 46160]

R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [2009-07-13 26624]

R3 HpSAMD;HpSAMD;c:\windows\system32\DRIVERS\HpSAMD.sys [2009-07-14 67152]

R3 iaStorV;Intel RAID Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys [2010-06-03 332168]

R3 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys [2010-06-03 65536]

R3 iScsiPrt;iScsiPort Driver;c:\windows\system32\drivers\msiscsi.sys [2010-06-03 232840]

R3 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 LSI_FC;LSI_FC;c:\windows\system32\DRIVERS\lsi_fc.sys [2009-07-14 95824]

R3 LSI_SAS;LSI_SAS;c:\windows\system32\DRIVERS\lsi_sas.sys [2009-07-14 89168]

R3 LSI_SAS2;LSI_SAS2;c:\windows\system32\DRIVERS\lsi_sas2.sys [2009-07-14 54864]

R3 LSI_SCSI;LSI_SCSI;c:\windows\system32\DRIVERS\lsi_scsi.sys [2009-07-14 96848]

R3 megasas;megasas;c:\windows\system32\DRIVERS\megasas.sys [2009-07-14 30800]

R3 mpio;Microsoft Multi-Path Bus Driver;c:\windows\system32\drivers\mpio.sys [2010-06-03 130440]

R3 msahci;msahci;c:\windows\system32\drivers\msahci.sys [2010-06-03 28040]

R3 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\system32\drivers\msdsm.sys [2010-06-03 116104]

R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [2009-07-13 4096]

R3 MSiSCSI;Microsoft iSCSI Initiator Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 MsRPC;MsRPC; [x]

R3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\DRIVERS\MTConfig.sys [2009-07-13 12288]

R3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [2009-07-13 267264]

R3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys [2009-07-13 27136]

R3 nfrd960;nfrd960;c:\windows\system32\DRIVERS\nfrd960.sys [2009-07-14 44624]

R3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [2010-06-03 143752]

R3 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 PeerDistSvc;BranchCache;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 ql2300;ql2300;c:\windows\system32\DRIVERS\ql2300.sys [2009-07-14 1383488]

R3 ql40xx;ql40xx;c:\windows\system32\DRIVERS\ql40xx.sys [2009-07-14 106064]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-06-03 15872]

R3 s3cap;s3cap;c:\windows\system32\DRIVERS\vms3cap.sys [2009-07-13 5632]

R3 scfilter;Smart card PnP Class Filter Driver;c:\windows\system32\DRIVERS\scfilter.sys [2010-06-03 26624]

R3 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 SensrSvc;Adaptive Brightness;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 SessionEnv;Remote Desktop Configuration;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [2009-07-13 12288]

R3 SiSRaid4;SiSRaid4;c:\windows\system32\DRIVERS\sisraid4.sys [2009-07-14 77888]

R3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);c:\windows\system32\DRIVERS\smb.sys [2009-07-13 71168]

R3 sppuinotify;SPP Notification Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-19 90112]

R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-19 14976]

R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-19 121856]

R3 stexstor;stexstor;c:\windows\system32\DRIVERS\stexstor.sys [2009-07-14 21072]

R3 storvsc;storvsc;c:\windows\system32\drivers\storvsc.sys [2010-06-03 28032]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 TBS;TPM Base Services;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\DRIVERS\terminpt.sys [2010-06-03 25600]

R3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [2010-06-03 204800]

R3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [2010-06-03 31232]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-06-03 50048]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 UI0Detect;Interactive Services Detection;c:\windows\system32\UI0Detect.exe [2009-07-14 35840]

R3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys [2009-07-14 57424]

R3 UmRdpService;Remote Desktop Services UserMode Port Redirector;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\drivers\usbcir.sys [2009-07-13 86016]

R3 VaultSvc;Credential Manager;c:\windows\system32\lsass.exe [2009-07-14 22528]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 vhdmp;vhdmp;c:\windows\system32\drivers\vhdmp.sys [2010-06-03 159616]

R3 ViaC7;VIA C7 Processor Driver;c:\windows\system32\DRIVERS\viac7.sys [2009-07-13 52736]

R3 VMBusHID;VMBusHID;c:\windows\system32\DRIVERS\VMBusHID.sys [2009-07-13 17920]

R3 vsmraid;vsmraid;c:\windows\system32\DRIVERS\vsmraid.sys [2009-07-14 141904]

R3 vwifibus;Virtual WiFi Bus Driver;c:\windows\System32\drivers\vwifibus.sys [2009-07-13 19968]

R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys [2009-07-13 21632]

R3 wbengine;Block Level Backup Engine Service;c:\windows\system32\wbengine.exe [2009-07-14 1202688]

R3 WbioSrvc;Windows Biometric Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 Wd;Wd;c:\windows\system32\DRIVERS\wd.sys [2009-07-14 19024]

R3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 wercplsupport;Problem Reports and Solutions Control Panel Support;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 WIMMount;WIMMount;c:\windows\system32\drivers\wimmount.sys [2009-07-14 19008]

R3 WinRM;Windows Remote Management (WS-Management);c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 WwanSvc;WWAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 20992]

R4 Mcx2Svc;Media Center Extender Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

S0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys [2010-06-03 22408]

S0 CLFS;Common Log (CLFS);c:\windows\System32\CLFS.sys [2009-07-14 249408]

S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [2009-07-14 369568]

S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [2009-07-14 58448]

S0 fvevol;Bitlocker Drive Encryption Filter Driver;c:\windows\System32\DRIVERS\fvevol.sys [2010-06-03 194808]

S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [2010-06-03 14216]

S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [2009-07-14 133200]

S0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys [2009-07-14 13888]

S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [2009-07-14 43088]

S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [2010-06-03 173448]

S0 spldr;Security Processor Loader Driver; [x]

S0 storflt;Disk Virtual Machine Bus Acceleration Filter Driver;c:\windows\system32\drivers\vmstorfl.sys [2010-06-03 40712]

S0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\system32\drivers\vdrvroot.sys [2009-07-14 32832]

S0 vmbus;Virtual Machine Bus;c:\windows\system32\drivers\vmbus.sys [2010-06-03 176008]

S0 volmgr;Volume Manager Driver;c:\windows\system32\drivers\volmgr.sys [2010-06-03 53128]

S0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [2009-07-14 297040]

S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [2009-07-13 35328]

S1 CSC;Offline Files Driver;c:\windows\system32\drivers\csc.sys [2010-06-03 388096]

S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [2010-06-03 78336]

S1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [2009-07-13 32256]

S1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [2009-07-13 16896]

S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [2009-07-14 6656]

S1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys [2009-07-14 7168]

S1 tdx;NetIO Legacy TDI Support Driver;c:\windows\system32\DRIVERS\tdx.sys [2010-06-03 74240]

S1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\system32\DRIVERS\wanarp.sys [2010-06-03 63488]

S1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys [2009-07-13 9728]

S2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe [2009-07-14 20992]

S2 CscService;Offline Files;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-05-10 233472]

S2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe [2009-07-14 20992]

S2 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [2009-07-13 48128]

S2 luafv;UAC File Virtualization;c:\windows\system32\drivers\luafv.sys [2009-07-13 86528]

S2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe [2009-07-14 20992]

S2 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe [2009-07-14 20992]

S2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [2009-07-14 586752]

S2 Power;Power;c:\windows\system32\svchost.exe [2009-07-14 20992]

S2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

S2 RpcEptMapper;RPC Endpoint Mapper;c:\windows\system32\svchost.exe [2009-07-14 20992]

S2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe [2010-06-03 3179520]

S2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2009-07-14 20992]

S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [2010-06-03 35328]

S2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe [2009-07-14 20992]

S3 Appinfo;Application Information;c:\windows\system32\svchost.exe [2009-07-14 20992]

S3 bowser;Browser Support Driver;c:\windows\system32\DRIVERS\bowser.sys [2009-07-13 69632]

S3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\system32\DRIVERS\CompositeBus.sys [2009-07-13 31232]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2009-06-01 21392]

S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [2010-06-03 728448]

S3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe [2009-07-14 20992]

S3 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe [2009-07-14 20992]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-05-10 36608]

S3 HomeGroupListener;HomeGroup Listener;c:\windows\System32\svchost.exe [2009-07-14 20992]

S3 HomeGroupProvider;HomeGroup Provider;c:\windows\System32\svchost.exe [2009-07-14 20992]

S3 KeyIso;CNG Key Isolation;c:\windows\system32\lsass.exe [2009-07-14 22528]

S3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\system32\DRIVERS\monitor.sys [2009-07-13 23552]

S3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\system32\drivers\mpsdrv.sys [2009-07-13 60416]

S3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [2010-06-03 222208]

S3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [2010-06-03 95744]

S3 netprofm;Network List Service;c:\windows\System32\svchost.exe [2009-07-14 20992]

S3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys [2009-07-13 49152]

S3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys [2009-07-14 18944]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]

S3 srv2;Server SMB 2.xxx Driver;c:\windows\system32\DRIVERS\srv2.sys [2010-06-03 307200]

S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [2010-06-03 113664]

S3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\system32\DRIVERS\tunnel.sys [2010-06-03 108544]

S3 umbus;UMBus Enumerator Driver;c:\windows\system32\drivers\umbus.sys [2010-06-03 39936]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-09-08 901120]

S3 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe [2009-07-14 20992]

S3 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe [2009-07-14 20992]

S3 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - FSUSBEXDISK

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

RPCSS REG_MULTI_SZ RpcEptMapper RpcSs

defragsvc REG_MULTI_SZ defragsvc

WerSvcGroup REG_MULTI_SZ wersvc

LocalServiceNoNetwork REG_MULTI_SZ DPS PLA BFE mpssvc WwanSvc

swprv REG_MULTI_SZ swprv

LocalServicePeerNet REG_MULTI_SZ PNRPSvc p2pimsvc p2psvc PnrpAutoReg

NetworkServiceAndNoImpersonation REG_MULTI_SZ KtmRm

regsvc REG_MULTI_SZ RemoteRegistry

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc

DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch

NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent

sdrsvc REG_MULTI_SZ sdrsvc

WbioSvcGroup REG_MULTI_SZ WbioSrvc

wcssvc REG_MULTI_SZ WcsPlugInService

AxInstSVGroup REG_MULTI_SZ AxInstSV

secsvcs REG_MULTI_SZ WinDefend

PeerDist REG_MULTI_SZ PeerDistSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

AeLookupSvc

CertPropSvc

SCPolicySvc

lanmanserver

gpsvc

IKEEXT

AudioSrv

FastUserSwitchingCompatibility

Nla

NWCWorkstation

SRService

Wmi

WmdmPmSp

TermService

wuauserv

BITS

ShellHWDetection

LogonHours

PCAudit

helpsvc

uploadmgr

iphlpsvc

seclogon

AppInfo

msiscsi

MMCSS

wercplsupport

EapHost

ProfSvc

schedule

hkmsvc

SessionEnv

winmgmt

browser

Themes

BDESVC

AppMgmt

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted

homegrouplistener

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

WdiServiceHost

sppuinotify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService

lanmanworkstation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted

BthHFSrv

homegroupprovider

[HKEY_CURRENT_USER\software\microsoft\active setup\installed components\{FDEBDB3F-BD6F-FDF9-C2FC-DACABC0EFA2D}]

c:\users\Evan\AppData\Local\Temp\msconfig.exe [bU]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.ninemsn.com.au/

uInternet Settings,ProxyOverride = *.local

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-05 00:27

Windows 6.1.7601 Service Pack 1, v.178 NTFS

detected NTDLL code modification:

ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2818589939-313886579-481562505-1000\Software\SecuROM\License information*]

"datasecu"=hex:07,37,cc,61,5a,d0,52,78,34,12,c1,93,40,fc,db,dc,d4,0f,3a,a7,8c,

fe,10,76,76,c2,25,36,19,92,f5,3e,f9,62,17,ec,e0,f1,d1,89,5c,ab,c1,86,b9,78,\

"rkeysecu"=hex:d5,0a,79,73,61,f8,40,ae,45,cd,7f,f7,94,a1,ff,c8

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\system32\AUDIODG.EXE

c:\windows\system32\nvvsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\DllHost.exe

.

**************************************************************************

.

Completion time: 2010-12-05 00:29:24 - machine was rebooted

ComboFix-quarantined-files.txt 2010-12-04 13:29

ComboFix2.txt 2010-12-03 13:59

ComboFix3.txt 2010-12-03 13:16

Pre-Run: 13,405,892,608 bytes free

Post-Run: 13,627,445,248 bytes free

- - End Of File - - 1B0F8273C4950F991ACE18042CE737C6

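A small triage script for output like the ComboFix log above, added here as an example; it is not part of the thread, of ComboFix or of catchme. It parses the `Rn/Sn name;description;image [date size]` service lines, lists entries registered with `[x]` (no image file on disk), flags any path that sits in a user-writable directory or that borrows the name of a Windows system binary while living outside the system directories (the Active Setup value pointing at `c:\users\Evan\AppData\Local\Temp\msconfig.exe` hits both rules), and decodes catchme's `Zw* observed != expected` syscall-index line. The sample lines are constructed to mirror the log's format; the heuristics, the look-alike name list, and the reading of an all-zero catchme result ending in "Initialization error" as inconclusive rather than as a confirmed hook are this example's own assumptions.

```python
"""Triage of a ComboFix-style service list and catchme output.

Added example; not part of the original thread, of ComboFix or of catchme.
Sample lines are constructed to mirror the posted log; the heuristics are
this example's own, not ComboFix's.
"""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "start name image meta")

# "R3 name;description;image [date size]"  or  "... [x]" when no file exists
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);"
    r"(?P<image>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)
# any Windows path on a line: drive letter, colon, backslash, up to space or ]
PATH_RE = re.compile(r"[a-z]:\\[^\s\[\]]+", re.IGNORECASE)
# catchme prints "Func observed != expected, ..." for each Zw* stub it checks
HOOK_RE = re.compile(r"(Zw\w+)\s+(\d+)\s*!=\s*(\d+)")

USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")
# real Windows binary names that malware likes to borrow (assumed list)
LOOKALIKES = {"msconfig.exe", "svchost.exe", "lsass.exe", "taskhost.exe", "csrss.exe"}


def parse_services(lines):
    """Return an Entry for every 'Rn/Sn name;desc;image [meta]' line."""
    out = []
    for line in lines:
        m = SERVICE_RE.match(line.strip())
        if m:
            out.append(Entry(m["start"], m["name"], m["image"].strip(), m["meta"]))
    return out


def missing_images(entries):
    """Names of services/drivers registered with '[x]': no image on disk."""
    return [e.name for e in entries if e.meta == "x"]


def suspicious_paths(lines):
    """Paths in user-writable directories, or system-binary names outside the
    system directories. Scans every line, so service images and registry
    payloads (e.g. an Active Setup value) are caught alike."""
    hits = []
    for line in lines:
        for path in PATH_RE.findall(line):
            low = path.lower()
            base = low.rsplit("\\", 1)[-1]
            reasons = []
            if any(d in low for d in USER_WRITABLE):
                reasons.append("user-writable location")
            if base in LOOKALIKES and not any(d in low for d in SYSTEM_DIRS):
                reasons.append("system binary name outside system dir")
            if reasons:
                hits.append((path, reasons))
    return hits


def parse_catchme(line):
    """Map each Zw* stub to (observed, expected) syscall index."""
    return {name: (int(seen), int(want)) for name, seen, want in HOOK_RE.findall(line)}


def catchme_verdict(hooks, line):
    """All-zero readings plus 'Initialization error' mean the check itself did
    not run; report that as inconclusive (this example's reading)."""
    if not hooks:
        return "no data"
    if "Initialization error" in line and all(s == 0 for s, _ in hooks.values()):
        return "inconclusive: tool failed to initialise"
    mismatched = [n for n, (seen, want) in hooks.items() if seen != want]
    return "modified: " + ", ".join(mismatched) if mismatched else "clean"


# Constructed sample mirroring lines from the log above.
SAMPLE = [
    r"R3 msahci;msahci;c:\windows\system32\drivers\msahci.sys [2010-06-03 28040]",
    r"R3 MsRPC;MsRPC; [x]",
    r"R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]",
    r"S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-05-10 233472]",
    r"[HKEY_CURRENT_USER\software\microsoft\active setup\installed components\{FDEBDB3F-BD6F-FDF9-C2FC-DACABC0EFA2D}]",
    r"c:\users\Evan\AppData\Local\Temp\msconfig.exe [bU]",
]
CATCHME = ("ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, "
           "ZwClose 0 != 50Initialization error")

if __name__ == "__main__":
    entries = parse_services(SAMPLE)
    print("missing images:", missing_images(entries))
    for path, why in suspicious_paths(SAMPLE):
        print("SUSPICIOUS", path, "->", "; ".join(why))
    print("catchme:", catchme_verdict(parse_catchme(CATCHME), CATCHME))
```

Run it on a saved ComboFix log by reading the file into a list of lines in place of `SAMPLE`; the `[x]` list is mostly stale driver registrations and is informational, while the `suspicious_paths` hits are the entries worth checking first.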

Let's install anti-virus software. Then we'll start from there, because otherwise it really makes no sense to clean this up manually if an antivirus scanner is not present, which should be able to deal with most of it and prevent further reinfection.

  • Avira AntiVir Personal - Free anti-virus software for Windows. Detects and removes more than 50000 viruses. Free support.

Be sure to update Avira. Then perform a full scan with Avira and let it delete everything it finds.

Then reboot.

After the reboot, open Avira and select "Reports".

There, double-click the report from the full scan you have done. Click the "Report File" button and copy and paste this report in your next reply.

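To read the Avira report the reply above asks for, here is an added example (not from the thread or from Avira) that separates detections on live files from hits inside `C:\Qoobox\Quarantine`, the directory where ComboFix parks the files it removed, renamed with a `.vir` suffix, so a later antivirus scan still flags them although they are no longer active. It also collapses the repeated hit Avira reports for a nested `--> Object` inside one file and counts signature families. The sample report is constructed to mirror Avira's `path` / `[DETECTION] ...` line pairs; grouping by everything before the first dot of the signature is this example's convention, not Avira's.

```python
"""Triage of an Avira AntiVir report.

Added example; not part of the original thread or of Avira. The sample
report is constructed to mirror the format of the posted scan log.
"""
import re
from collections import Counter

# a path line: drive letter, colon, backslash at the start of the line
PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)
# "[DETECTION] Is the TR/Hijacker.Gen Trojan"
# "[DETECTION] Contains recognition pattern of the WORM/Agent.98304.D worm"
DETECT_RE = re.compile(r"^\[DETECTION\]\s+.*?(?P<sig>[A-Z]+/[\w.\-]+)")
# ComboFix's quarantine directory; files are renamed with a .vir suffix
QUARANTINE = "\\qoobox\\quarantine\\"


def parse_report(lines):
    """Yield (path, signature) pairs. A '--> Object' line means the next
    detection refers to something nested inside the last path seen."""
    current = None
    for line in lines:
        s = line.strip()
        if PATH_RE.match(s):
            current = s
            continue
        m = DETECT_RE.match(s)
        if m and current:
            yield current, m["sig"]


def triage(lines):
    """Split unique (path, signature) pairs into live files and files that
    already sit in ComboFix's quarantine."""
    live, quarantined, seen = [], [], set()
    for path, sig in parse_report(lines):
        if (path, sig) in seen:
            continue  # nested '--> Object' hit on the same file
        seen.add((path, sig))
        low = path.lower()
        if QUARANTINE in low and low.endswith(".vir"):
            quarantined.append((path, sig))
        else:
            live.append((path, sig))
    return live, quarantined


def family_counts(pairs):
    """Count by signature family: TR/Hijacker.Gen -> TR/Hijacker."""
    return Counter(sig.split(".")[0] for _, sig in pairs)


# Constructed sample mirroring the detection lines of the posted report.
SAMPLE_REPORT = [
    r"C:\Program Files\Electronic Arts\Burnout Paradise The Ultimate Box\Trainer\Burnout Paradise Trainer.exe",
    "[DETECTION] Is the TR/Buzus.cinr Trojan",
    r"C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\aladumu.exe.vir",
    "[DETECTION] Is the TR/Hijacker.Gen Trojan",
    r"C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\hqqwuct.exe.vir",
    "[DETECTION] Contains recognition pattern of the WORM/Agent.98304.D worm",
    r"C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\pfiekwq.exe.vir",
    "[DETECTION] Is the TR/ATRAPS.Gen Trojan",
    "--> Object",
    "[DETECTION] Is the TR/ATRAPS.Gen Trojan",
]

if __name__ == "__main__":
    live, quarantined = triage(SAMPLE_REPORT)
    print("live detections (need attention):")
    for path, sig in live:
        print("  ", sig, path)
    print("already in ComboFix quarantine:", len(quarantined),
          dict(family_counts(quarantined)))
```

The live list is what still needs a decision; the quarantined list only tells you what ComboFix already pulled out of the user's profile and which families were involved.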

Avira AntiVir Personal

Report file date: Sunday, 5 December 2010 01:09

Scanning for 3118676 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows 7

Windows version : (Service Pack 1, v.178) [6.1.7601]

Boot mode : Normally booted

Username : SYSTEM

Computer name : EVAN-PC

Version information:

BUILD.DAT : 10.0.0.596 31825 Bytes 16/11/2010 15:57:00

AVSCAN.EXE : 10.0.3.1 434344 Bytes 2/08/2010 05:09:56

AVSCAN.DLL : 10.0.3.0 46440 Bytes 1/04/2010 02:57:04

LUKE.DLL : 10.0.2.3 104296 Bytes 2/08/2010 05:10:00

LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 13:40:49

VBASE000.VDF : 7.10.0.0 19875328 Bytes 6/11/2009 23:05:36

VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 09:27:49

VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 07:37:42

VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 06:37:42

VBASE004.VDF : 7.10.4.203 1579008 Bytes 5/03/2010 01:29:03

VBASE005.VDF : 7.10.6.82 2494464 Bytes 15/04/2010 05:10:03

VBASE006.VDF : 7.10.7.218 2294784 Bytes 2/06/2010 05:10:04

VBASE007.VDF : 7.10.9.165 4840960 Bytes 23/07/2010 05:10:06

VBASE008.VDF : 7.10.11.133 3454464 Bytes 13/09/2010 14:02:12

VBASE009.VDF : 7.10.13.80 2265600 Bytes 2/11/2010 14:02:21

VBASE010.VDF : 7.10.13.81 2048 Bytes 2/11/2010 14:02:22

VBASE011.VDF : 7.10.13.82 2048 Bytes 2/11/2010 14:02:22

VBASE012.VDF : 7.10.13.83 2048 Bytes 2/11/2010 14:02:23

VBASE013.VDF : 7.10.13.116 147968 Bytes 4/11/2010 14:02:24

VBASE014.VDF : 7.10.13.147 146944 Bytes 7/11/2010 14:02:27

VBASE015.VDF : 7.10.13.180 123904 Bytes 9/11/2010 14:02:28

VBASE016.VDF : 7.10.13.211 122368 Bytes 11/11/2010 14:02:31

VBASE017.VDF : 7.10.13.243 147456 Bytes 15/11/2010 14:02:33

VBASE018.VDF : 7.10.14.15 142848 Bytes 17/11/2010 14:02:35

VBASE019.VDF : 7.10.14.41 134144 Bytes 19/11/2010 14:02:36

VBASE020.VDF : 7.10.14.63 128000 Bytes 22/11/2010 14:02:37

VBASE021.VDF : 7.10.14.87 143872 Bytes 24/11/2010 14:02:39

VBASE022.VDF : 7.10.14.116 140800 Bytes 26/11/2010 14:02:41

VBASE023.VDF : 7.10.14.147 150528 Bytes 30/11/2010 14:02:43

VBASE024.VDF : 7.10.14.175 126464 Bytes 3/12/2010 14:02:45

VBASE025.VDF : 7.10.14.176 2048 Bytes 3/12/2010 14:02:45

VBASE026.VDF : 7.10.14.177 2048 Bytes 3/12/2010 14:02:46

VBASE027.VDF : 7.10.14.178 2048 Bytes 3/12/2010 14:02:46

VBASE028.VDF : 7.10.14.179 2048 Bytes 3/12/2010 14:02:46

VBASE029.VDF : 7.10.14.180 2048 Bytes 3/12/2010 14:02:47

VBASE030.VDF : 7.10.14.181 2048 Bytes 3/12/2010 14:02:47

VBASE031.VDF : 7.10.14.189 37888 Bytes 3/12/2010 14:02:48

Engineversion : 8.2.4.120

AEVDF.DLL : 8.1.2.1 106868 Bytes 2/08/2010 05:09:54

AESCRIPT.DLL : 8.1.3.48 1286524 Bytes 4/12/2010 14:03:21

AESCN.DLL : 8.1.7.2 127349 Bytes 4/12/2010 14:03:18

AESBX.DLL : 8.1.3.2 254324 Bytes 4/12/2010 14:03:23

AERDL.DLL : 8.1.9.2 635252 Bytes 4/12/2010 14:03:17

AEPACK.DLL : 8.2.4.1 512375 Bytes 4/12/2010 14:03:14

AEOFFICE.DLL : 8.1.1.10 201084 Bytes 4/12/2010 14:03:10

AEHEUR.DLL : 8.1.2.52 3109238 Bytes 4/12/2010 14:03:09

AEHELP.DLL : 8.1.16.0 246136 Bytes 4/12/2010 14:02:59

AEGEN.DLL : 8.1.5.0 397685 Bytes 4/12/2010 14:02:58

AEEMU.DLL : 8.1.3.0 393589 Bytes 4/12/2010 14:02:56

AECORE.DLL : 8.1.19.0 196984 Bytes 4/12/2010 14:02:54

AEBB.DLL : 8.1.1.0 53618 Bytes 2/08/2010 05:09:48

AVWINLL.DLL : 10.0.0.0 19304 Bytes 2/08/2010 05:09:56

AVPREF.DLL : 10.0.0.0 44904 Bytes 2/08/2010 05:09:55

AVREP.DLL : 10.0.0.8 62209 Bytes 17/06/2010 04:27:13

AVREG.DLL : 10.0.3.2 53096 Bytes 2/08/2010 05:09:55

AVSCPLR.DLL : 10.0.3.1 83816 Bytes 2/08/2010 05:09:56

AVARKT.DLL : 10.0.0.14 227176 Bytes 2/08/2010 05:09:54

AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 2/08/2010 05:09:55

SQLITE3.DLL : 3.6.19.0 355688 Bytes 17/06/2010 04:27:22

AVSMTP.DLL : 10.0.0.17 63848 Bytes 2/08/2010 05:09:56

NETNT.DLL : 10.0.0.0 11624 Bytes 17/06/2010 04:27:21

RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28/01/2010 03:10:20

RCTEXT.DLL : 10.0.58.0 97128 Bytes 2/08/2010 05:10:08

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, D:,

Process scan........................: on

Extended process scan...............: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Start of the scan: Sunday, 5 December 2010 01:09

Starting search for hidden objects.

HKEY_USERS\S-1-5-21-2818589939-313886579-481562505-1000\Software\SecuROM\License information\datasecu

[NOTE] The registry entry is invisible.

HKEY_USERS\S-1-5-21-2818589939-313886579-481562505-1000\Software\SecuROM\License information\rkeysecu

[NOTE] The registry entry is invisible.

HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\1C7\52C64B7E\languagelist

[NOTE] The registry entry is invisible.

HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\1C7\52C64B7E\@%systemroot%\system32\p2pcollab.dll,-8042

[NOTE] The registry entry is invisible.

HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\1C7\52C64B7E\@%systemroot%\system32\qagentrt.dll,-10

[NOTE] The registry entry is invisible.

HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\1C7\52C64B7E\@%systemroot%\system32\dnsapi.dll,-103

[NOTE] The registry entry is invisible.

HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\1C7\52C64B7E\@%systemroot%\system32\fveui.dll,-843

[NOTE] The registry entry is invisible.

HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\1C7\52C64B7E\@%systemroot%\system32\fveui.dll,-844

[NOTE] The registry entry is invisible.

The scan of running processes will be started

Scan process 'opera.exe' - '107' Module(s) have been scanned

Scan process 'svchost.exe' - '28' Module(s) have been scanned

Scan process 'vssvc.exe' - '47' Module(s) have been scanned

Scan process 'avscan.exe' - '80' Module(s) have been scanned

Scan process 'avscan.exe' - '28' Module(s) have been scanned

Scan process 'avcenter.exe' - '75' Module(s) have been scanned

Scan process 'DllHost.exe' - '40' Module(s) have been scanned

Scan process 'svchost.exe' - '59' Module(s) have been scanned

Scan process 'wmiprvse.exe' - '33' Module(s) have been scanned

Scan process 'svchost.exe' - '67' Module(s) have been scanned

Scan process 'wmpnetwk.exe' - '103' Module(s) have been scanned

Scan process 'SearchIndexer.exe' - '49' Module(s) have been scanned

Scan process 'wweb32.exe' - '32' Module(s) have been scanned

Scan process 'Rainmeter.exe' - '76' Module(s) have been scanned

Scan process 'HUD.exe' - '34' Module(s) have been scanned

Scan process 'avgnt.exe' - '57' Module(s) have been scanned

Scan process 'jusched.exe' - '25' Module(s) have been scanned

Scan process 'reader_sl.exe' - '20' Module(s) have been scanned

Scan process 'VDeck.exe' - '57' Module(s) have been scanned

Scan process 'itype.exe' - '59' Module(s) have been scanned

Scan process 'Explorer.EXE' - '189' Module(s) have been scanned

Scan process 'taskhost.exe' - '50' Module(s) have been scanned

Scan process 'Dwm.exe' - '31' Module(s) have been scanned

Scan process 'svchost.exe' - '37' Module(s) have been scanned

Scan process 'conhost.exe' - '14' Module(s) have been scanned

Scan process 'avshadow.exe' - '31' Module(s) have been scanned

Scan process 'WLIDSvcM.exe' - '17' Module(s) have been scanned

Scan process 'WLIDSVC.EXE' - '79' Module(s) have been scanned

Scan process 'svchost.exe' - '32' Module(s) have been scanned

Scan process 'sppsvc.exe' - '27' Module(s) have been scanned

Scan process 'NBService.exe' - '51' Module(s) have been scanned

Scan process 'FsUsbExService.Exe' - '24' Module(s) have been scanned

Scan process 'mDNSResponder.exe' - '32' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '33' Module(s) have been scanned

Scan process 'avguard.exe' - '71' Module(s) have been scanned

Scan process 'svchost.exe' - '62' Module(s) have been scanned

Scan process 'sched.exe' - '50' Module(s) have been scanned

Scan process 'spoolsv.exe' - '92' Module(s) have been scanned

Scan process 'nvvsvc.exe' - '43' Module(s) have been scanned

Scan process 'svchost.exe' - '88' Module(s) have been scanned

Scan process 'svchost.exe' - '87' Module(s) have been scanned

Scan process 'AUDIODG.EXE' - '47' Module(s) have been scanned

Scan process 'svchost.exe' - '150' Module(s) have been scanned

Scan process 'svchost.exe' - '114' Module(s) have been scanned

Scan process 'svchost.exe' - '103' Module(s) have been scanned

Scan process 'svchost.exe' - '34' Module(s) have been scanned

Scan process 'nvvsvc.exe' - '30' Module(s) have been scanned

Scan process 'svchost.exe' - '52' Module(s) have been scanned

Scan process 'winlogon.exe' - '31' Module(s) have been scanned

Scan process 'lsm.exe' - '16' Module(s) have been scanned

Scan process 'lsass.exe' - '72' Module(s) have been scanned

Scan process 'services.exe' - '33' Module(s) have been scanned

Scan process 'wininit.exe' - '26' Module(s) have been scanned

Scan process 'csrss.exe' - '16' Module(s) have been scanned

Scan process 'csrss.exe' - '16' Module(s) have been scanned

Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '383' files ).

Starting the file scan:

Begin scan in 'C:\'

C:\Program Files\Electronic Arts\Burnout Paradise The Ultimate Box\Trainer\Burnout Paradise Trainer.exe

[DETECTION] Is the TR/Buzus.cinr Trojan

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\aladumu.exe.vir

[DETECTION] Is the TR/Hijacker.Gen Trojan

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\ddlovii.exe.vir

[DETECTION] Is the TR/Hijacker.Gen Trojan

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\dtrspqj.exe.vir

[DETECTION] Is the TR/Dldr.Delphi.Gen Trojan

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\ejeifad.exe.vir

[DETECTION] Is the TR/Drop.Small.fhx.3 Trojan

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\eumglcu.exe.vir

[DETECTION] Is the TR/Dropper.Gen Trojan

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\gpufpcc.exe.vir

[DETECTION] Is the TR/Hijacker.Gen Trojan

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\gxaltrj.exe.vir

[DETECTION] Is the TR/Drop.Small.fhx.3 Trojan

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\hqqwuct.exe.vir

[DETECTION] Contains recognition pattern of the WORM/Agent.98304.D worm

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\icnsmhy.exe.vir

[DETECTION] Is the TR/Drop.Small.fhx.3 Trojan

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\jktulqc.exe.vir

[DETECTION] Is the TR/Dldr.Delphi.Gen Trojan

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\jlffmtc.exe.vir

[DETECTION] Is the TR/Drop.Small.fhx.3 Trojan

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\jmkfrya.exe.vir

[DETECTION] Is the TR/Dropper.Gen Trojan

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\jvmaatn.exe.vir

[DETECTION] Is the TR/Hijacker.Gen Trojan

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\khwqjbc.exe.vir

[DETECTION] Is the TR/Hijacker.Gen Trojan

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\pfiekwq.exe.vir

[DETECTION] Is the TR/ATRAPS.Gen Trojan

--> Object

[DETECTION] Is the TR/ATRAPS.Gen Trojan

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\qmphdby.exe.vir

[DETECTION] Is the TR/Hijacker.Gen Trojan

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\raid64.exe.vir

[DETECTION] Is the TR/Spy.Agent.212992 Trojan

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\rgyumdx.exe.vir

[DETECTION] Is the TR/Hijacker.Gen Trojan

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\sijvkve.exe.vir

[DETECTION] Is the TR/Drop.Small.fhx.3 Trojan

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\tacwijc.exe.vir

[DETECTION] Is the TR/Drop.Small.fhx.3 Trojan

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\uritwwj.exe.vir

[DETECTION] Is the TR/Drop.Small.fhx.3 Trojan

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\wydfbon.exe.vir

[DETECTION] Is the TR/Hijacker.Gen Trojan

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\wznaqna.exe.vir

[DETECTION] Is the TR/Hijacker.Gen Trojan

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\xlsyxge.exe.vir

[DETECTION] Is the TR/Dropper.Gen Trojan

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\zqbfyik.exe.vir

[DETECTION] Is the TR/Hijacker.Gen Trojan

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\zrzysia.exe.vir

[DETECTION] Is the TR/Drop.Small.fhx.3 Trojan

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\Crypted.exe.vir

[DETECTION] Is the TR/Dropper.Gen Trojan

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\eraseme.exe.vir

[DETECTION] Is the TR/Dropper.Gen Trojan

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\metus.exe.vir

[DETECTION] Contains recognition pattern of the WORM/Agent.123904.42 worm

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\newcrypt.exe.vir

[DETECTION] Is the TR/VB.Inject.II.5 Trojan

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\Run.exe.vir

[DETECTION] Is the TR/Dropper.Gen Trojan

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\wglkjwelgke.exe.vir

[DETECTION] Contains recognition pattern of the WORM/IrcBot.659456.A worm

C:\Qoobox\Quarantine\C\Windows\framework.exe.vir

[DETECTION] Contains a recognition pattern of the (harmful) BDS/IRCBot.A.56 back-door program

C:\Qoobox\Quarantine\C\Windows\System32\wininit.exe.vir

[DETECTION] Is the TR/Spy.96256.35 Trojan

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\4d43e080-492eb2c9

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit

--> vmain.class

[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\521840ca-258e909e

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the JAVA/Dldr.Agent Java virus

--> bpac/a.class

[DETECTION] Contains recognition pattern of the JAVA/Dldr.Agent Java virus

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\15585d14-626fba8e

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit

--> vmain.class

[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\463e7fd4-3b0c8c21

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the JAVA/OpenStream.A Java virus

--> bpac/Bombapack.class

[DETECTION] Contains recognition pattern of the JAVA/OpenStream.A Java virus

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\47b837e3-38d16d90

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit

--> vmain.class

[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\56a12ea4-766692f8

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the JAVA/Rowindal.A Java virus

--> CustomClass.class

[DETECTION] Contains recognition pattern of the JAVA/Rowindal.A Java virus

--> dostuff.class

[DETECTION] Contains recognition pattern of the JAVA/Rowindal.B Java virus

--> mosdef.class

[DETECTION] Contains recognition pattern of the JAVA/Agent.C Java virus

--> SiteError.class

[DETECTION] Contains recognition pattern of the JAVA/Agent.D Java virus

--> SuperPolicy.class

[DETECTION] Contains recognition pattern of the JAVA/Rowindal.C Java virus

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\1c0702e6-7dd75de1

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus

--> vload.class

[DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus

--> vmain.class

[DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\25b32d04-78122087

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus

--> vload.class

[DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus

--> vmain.class

[DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\15467029-6ee724b4

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus

--> vload.class

[DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus

--> vmain.class

[DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\2b8379a9-27f04b56

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus

--> vload.class

[DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus

--> vmain.class

[DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\6c959aab-2ea1f28e

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the JAVA/OpenStream.E Java virus

--> a4cb9b1a8a5.class

[DETECTION] Contains recognition pattern of the JAVA/OpenStream.E Java virus

--> a66d578f084.class

[DETECTION] Contains recognition pattern of the JAVA/Agent.EZ Java virus

--> aa79d1019d8.class

[DETECTION] Contains recognition pattern of the JAVA/Agent.FB Java virus

--> ab16db71cdc.class

[DETECTION] Contains recognition pattern of the JAVA/Agent.FH Java virus

--> ab5601d4848.class

[DETECTION] Contains recognition pattern of the JAVA/Agent.FI Java virus

--> ae28546890f.class

[DETECTION] Contains recognition pattern of the JAVA/Agent.FJ Java virus

--> af439f03798.class

[DETECTION] Contains recognition pattern of the JAVA/Agent.FK Java virus

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\3e36666f-7c2443af

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit

--> vmain.class

[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\739d2831-518d9c2a

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus

--> vload.class

[DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus

--> vmain.class

[DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\74d2e8f2-2ab473fc

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the JAVA/Agent.2212 Java virus

--> bpac/a.class

[DETECTION] Contains recognition pattern of the JAVA/Agent.2212 Java virus

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\57e27139-10ff6385

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the JAVA/Agent.HN Java virus

--> bpac/a.class

[DETECTION] Contains recognition pattern of the JAVA/Agent.HN Java virus

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\6b535139-4390f394

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the JAVA/Runner.1458 Java virus

--> Client.class

[DETECTION] Contains recognition pattern of the JAVA/Runner.1458 Java virus

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\1df965c9-3df06b51

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the JAVA/OpenStream.E Java virus

--> a4cb9b1a8a5.class

[DETECTION] Contains recognition pattern of the JAVA/OpenStream.E Java virus

--> a66d578f084.class

[DETECTION] Contains recognition pattern of the JAVA/Agent.EZ Java virus

--> aa79d1019d8.class

[DETECTION] Contains recognition pattern of the JAVA/Agent.FB Java virus

--> ab16db71cdc.class

[DETECTION] Contains recognition pattern of the JAVA/Agent.FH Java virus

--> ab5601d4848.class

[DETECTION] Contains recognition pattern of the JAVA/Agent.FI Java virus

--> ae28546890f.class

[DETECTION] Contains recognition pattern of the JAVA/Agent.FJ Java virus

--> af439f03798.class

[DETECTION] Contains recognition pattern of the JAVA/Agent.FK Java virus

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\36c06809-4f45626b

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit

--> vmain.class

[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit

C:\Users\Evan\AppData\Roaming\awqyfeb.exe

[DETECTION] Is the TR/VBKrypt.dbb Trojan

C:\Users\Evan\AppData\Roaming\cfxsibl.exe

[DETECTION] Is the TR/Trash.Gen Trojan

C:\Users\Evan\AppData\Roaming\cywelkj.exe

[DETECTION] Is the TR/Trash.Gen Trojan

C:\Users\Evan\AppData\Roaming\dphmosj.exe

[DETECTION] Is the TR/VBKrypt.dbb Trojan

C:\Users\Evan\AppData\Roaming\dzoiakq.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

C:\Users\Evan\AppData\Roaming\fncdtqe.exe

[DETECTION] Is the TR/VBKrypt.dbb Trojan

C:\Users\Evan\AppData\Roaming\fqkenby.exe

[DETECTION] Is the TR/VBKrypt.dfi Trojan

C:\Users\Evan\AppData\Roaming\ftocyye.exe

[DETECTION] Is the TR/VBKrypt.dfi Trojan

C:\Users\Evan\AppData\Roaming\gbsxcuo.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

C:\Users\Evan\AppData\Roaming\gibmfis.exe

[DETECTION] Is the TR/VBKrypt.dbb Trojan

C:\Users\Evan\AppData\Roaming\hpnjbyj.exe

[DETECTION] Is the TR/VBKrypt.dfi Trojan

C:\Users\Evan\AppData\Roaming\hthpxiy.exe

[DETECTION] Is the TR/VBKrypt.dfi Trojan

C:\Users\Evan\AppData\Roaming\hyecael.exe

[DETECTION] Is the TR/VBKrypt.dfi Trojan

C:\Users\Evan\AppData\Roaming\icbuxha.exe

[DETECTION] Is the TR/VBKrypt.dqr.1 Trojan

C:\Users\Evan\AppData\Roaming\iovzqpb.exe

[DETECTION] Is the TR/VBKrypt.dbb Trojan

C:\Users\Evan\AppData\Roaming\iswztnt.exe

[DETECTION] Is the TR/VBKrypt.dbb Trojan

C:\Users\Evan\AppData\Roaming\jdqetzt.exe

[DETECTION] Is the TR/VBKrypt.dbb Trojan

C:\Users\Evan\AppData\Roaming\jflldmo.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

C:\Users\Evan\AppData\Roaming\jzcospg.exe

[DETECTION] Is the TR/Trash.Gen Trojan

C:\Users\Evan\AppData\Roaming\lrvjwjb.exe

[DETECTION] Is the TR/Trash.Gen Trojan

C:\Users\Evan\AppData\Roaming\mgnrzzq.exe

[DETECTION] Is the TR/VBKrypt.dqr.1 Trojan

C:\Users\Evan\AppData\Roaming\mrvphbz.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

C:\Users\Evan\AppData\Roaming\mycomputp.dll

[DETECTION] Is the TR/Spy.75776.26 Trojan

C:\Users\Evan\AppData\Roaming\nrvtymn.exe

[DETECTION] Is the TR/VBKrypt.dfi Trojan

C:\Users\Evan\AppData\Roaming\nuotiem.exe

[DETECTION] Is the TR/VBKrypt.dbb Trojan

C:\Users\Evan\AppData\Roaming\olntwll.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

C:\Users\Evan\AppData\Roaming\ovujbzz.exe

[DETECTION] Is the TR/VBKrypt.dbb Trojan

C:\Users\Evan\AppData\Roaming\packet.exe

[DETECTION] Is the TR/VBKrypt.dlc Trojan

C:\Users\Evan\AppData\Roaming\pdiolxr.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

C:\Users\Evan\AppData\Roaming\qbowqth.exe

[DETECTION] Is the TR/Trash.Gen Trojan

C:\Users\Evan\AppData\Roaming\qjgskpq.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

C:\Users\Evan\AppData\Roaming\quscblv.exe

[DETECTION] Is the TR/VBKrypt.dbb Trojan

C:\Users\Evan\AppData\Roaming\rapthsp.exe

[DETECTION] Is the TR/Trash.Gen Trojan

C:\Users\Evan\AppData\Roaming\rrhflfq.exe

[DETECTION] Is the TR/VBKrypt.dbb Trojan

C:\Users\Evan\AppData\Roaming\shtgurs.exe

[DETECTION] Is the TR/VBKrypt.dqr.1 Trojan

C:\Users\Evan\AppData\Roaming\tlwkvcl.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

C:\Users\Evan\AppData\Roaming\trpjyqb.exe

[DETECTION] Is the TR/VBKrypt.dfi Trojan

C:\Users\Evan\AppData\Roaming\uigljis.exe

[DETECTION] Is the TR/VBKrypt.dfi Trojan

C:\Users\Evan\AppData\Roaming\uuxwtnm.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

C:\Users\Evan\AppData\Roaming\vckypiz.exe

[DETECTION] Is the TR/VBKrypt.dbb Trojan

C:\Users\Evan\AppData\Roaming\vhmnzzq.exe

[DETECTION] Is the TR/VBKrypt.dbb Trojan

C:\Users\Evan\AppData\Roaming\vhuhykr.exe

[DETECTION] Is the TR/VBKrypt.dfi Trojan

C:\Users\Evan\AppData\Roaming\vuwnufn.exe

[DETECTION] Is the TR/Trash.Gen Trojan

C:\Users\Evan\AppData\Roaming\vwvbwzl.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

C:\Users\Evan\AppData\Roaming\ycwwfnz.exe

[DETECTION] Is the TR/VBKrypt.dqr.1 Trojan

C:\Users\Evan\AppData\Roaming\ymdjsau.exe

[DETECTION] Is the TR/Trash.Gen Trojan

C:\Users\Evan\AppData\Roaming\ysybmyz.exe

[DETECTION] Is the TR/VBKrypt.dfi Trojan

C:\Users\Evan\AppData\Roaming\yvrfwyu.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

C:\Users\Evan\AppData\Roaming\zculrje.exe

[DETECTION] Is the TR/Trash.Gen Trojan

C:\Users\Evan\AppData\Roaming\zlyqlpy.exe

[DETECTION] Is the TR/VBKrypt.dbb Trojan

C:\Users\Evan\AppData\Roaming\Microsoft\sierra.exe

[DETECTION] Is the TR/Trash.Gen Trojan

Begin scan in 'D:\'

D:\Documents\KeyProwler Pro 3.3.6.0 www.shoptinhoc.com\KeyProwler Pro v3.3.6.0.exe

[DETECTION] Is the TR/Agent.4964526 Trojan

D:\Music\Opeth\opeth - damnation - in my time of need.mp3

[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

D:\Music\Opeth\opeth - harvest.mp3

[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

D:\Music\Pantera\pantera - cementery gates.mp3

[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

D:\Music\Pantera\pantera - the great southern trendkill - floods.mp3

[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

D:\Music\Pantera\pantera - this love.mp3

[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

D:\Music\Rockstar Supernova\Magni - When the Time Comes (original).mp3

[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

D:\Music\Rockstar Supernova\Rock Star Supernova - Dilana - SuperSoul.mp3

[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

D:\Warez\Nero.v9.4.26.0.Ultra.Edition.Incl.KEYMAKER-NOTM\Nero-9.4.26.0_trial.exe

[0] Archive type: NSIS

[DETECTION] Is the TR/Dldr.Inject.ahi Trojan

--> [UnknownDir]/LiveUpdate.exe

[DETECTION] Is the TR/Dldr.Inject.ahi Trojan

Beginning disinfection:

D:\Warez\Nero.v9.4.26.0.Ultra.Edition.Incl.KEYMAKER-NOTM\Nero-9.4.26.0_trial.exe

[DETECTION] Is the TR/Dldr.Inject.ahi Trojan

[NOTE] The file was moved to the quarantine directory under the name '480cf1b0.qua'.

D:\Music\Rockstar Supernova\Rock Star Supernova - Dilana - SuperSoul.mp3

[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

[NOTE] The file was moved to the quarantine directory under the name '50aade2b.qua'.

D:\Music\Rockstar Supernova\Magni - When the Time Comes (original).mp3

[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

[NOTE] The file was moved to the quarantine directory under the name '02c984fd.qua'.

D:\Music\Pantera\pantera - this love.mp3

[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

[NOTE] The file was moved to the quarantine directory under the name '64f7cb3f.qua'.

D:\Music\Pantera\pantera - the great southern trendkill - floods.mp3

[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

[NOTE] The file was moved to the quarantine directory under the name '2173e604.qua'.

D:\Music\Pantera\pantera - cementery gates.mp3

[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

[NOTE] The file was moved to the quarantine directory under the name '5e68d466.qua'.

D:\Music\Opeth\opeth - harvest.mp3

[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

[NOTE] The file was moved to the quarantine directory under the name '12e7f803.qua'.

D:\Music\Opeth\opeth - damnation - in my time of need.mp3

[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

[NOTE] The file was moved to the quarantine directory under the name '6effb851.qua'.

D:\Documents\KeyProwler Pro 3.3.6.0 www.shoptinhoc.com\KeyProwler Pro v3.3.6.0.exe

[DETECTION] Is the TR/Agent.4964526 Trojan

[NOTE] The file was moved to the quarantine directory under the name '43899707.qua'.

C:\Users\Evan\AppData\Roaming\Microsoft\sierra.exe

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '5acdac99.qua'.

C:\Users\Evan\AppData\Roaming\zlyqlpy.exe

[DETECTION] Is the TR/VBKrypt.dbb Trojan

[NOTE] The file was moved to the quarantine directory under the name '36bd80b4.qua'.

C:\Users\Evan\AppData\Roaming\zculrje.exe

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '4718b936.qua'.

C:\Users\Evan\AppData\Roaming\yvrfwyu.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '490189ec.qua'.

C:\Users\Evan\AppData\Roaming\ysybmyz.exe

[DETECTION] Is the TR/VBKrypt.dfi Trojan

[NOTE] The file was moved to the quarantine directory under the name '0c37f0a3.qua'.

C:\Users\Evan\AppData\Roaming\ymdjsau.exe

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '0511f40e.qua'.

C:\Users\Evan\AppData\Roaming\ycwwfnz.exe

[DETECTION] Is the TR/VBKrypt.dqr.1 Trojan

[NOTE] The file was moved to the quarantine directory under the name '5d7fed71.qua'.

C:\Users\Evan\AppData\Roaming\vwvbwzl.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '718a94a1.qua'.

C:\Users\Evan\AppData\Roaming\vuwnufn.exe

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '4f75f479.qua'.

C:\Users\Evan\AppData\Roaming\vhuhykr.exe

[DETECTION] Is the TR/VBKrypt.dfi Trojan

[NOTE] The file was moved to the quarantine directory under the name '2c65df1f.qua'.

C:\Users\Evan\AppData\Roaming\vhmnzzq.exe

[DETECTION] Is the TR/VBKrypt.dbb Trojan

[NOTE] The file was moved to the quarantine directory under the name '0aa59f02.qua'.

C:\Users\Evan\AppData\Roaming\vckypiz.exe

[DETECTION] Is the TR/VBKrypt.dbb Trojan

[NOTE] The file was moved to the quarantine directory under the name '3833e4ac.qua'.

C:\Users\Evan\AppData\Roaming\uuxwtnm.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '3261cfcc.qua'.

C:\Users\Evan\AppData\Roaming\uigljis.exe

[DETECTION] Is the TR/VBKrypt.dfi Trojan

[NOTE] The file was moved to the quarantine directory under the name '0d21ab9d.qua'.

C:\Users\Evan\AppData\Roaming\trpjyqb.exe

[DETECTION] Is the TR/VBKrypt.dfi Trojan

[NOTE] The file was moved to the quarantine directory under the name '7306a7a1.qua'.

C:\Users\Evan\AppData\Roaming\tlwkvcl.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '2665a36c.qua'.

C:\Users\Evan\AppData\Roaming\shtgurs.exe

[DETECTION] Is the TR/VBKrypt.dqr.1 Trojan

[NOTE] The file was moved to the quarantine directory under the name '2becd258.qua'.

C:\Users\Evan\AppData\Roaming\rrhflfq.exe

[DETECTION] Is the TR/VBKrypt.dbb Trojan

[NOTE] The file was moved to the quarantine directory under the name '37bdc64a.qua'.

C:\Users\Evan\AppData\Roaming\rapthsp.exe

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '06668b95.qua'.

C:\Users\Evan\AppData\Roaming\quscblv.exe

[DETECTION] Is the TR/VBKrypt.dbb Trojan

[NOTE] The file was moved to the quarantine directory under the name '6a379fbf.qua'.

C:\Users\Evan\AppData\Roaming\qjgskpq.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '23a1bab2.qua'.

C:\Users\Evan\AppData\Roaming\qbowqth.exe

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '783cb27b.qua'.

C:\Users\Evan\AppData\Roaming\pdiolxr.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '1e84be90.qua'.

C:\Users\Evan\AppData\Roaming\packet.exe

[DETECTION] Is the TR/VBKrypt.dlc Trojan

[NOTE] The file was moved to the quarantine directory under the name '4934cc35.qua'.

C:\Users\Evan\AppData\Roaming\ovujbzz.exe

[DETECTION] Is the TR/VBKrypt.dbb Trojan

[NOTE] The file was moved to the quarantine directory under the name '6b769b5a.qua'.

C:\Users\Evan\AppData\Roaming\olntwll.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '0361e1c2.qua'.

C:\Users\Evan\AppData\Roaming\nuotiem.exe

[DETECTION] Is the TR/VBKrypt.dbb Trojan

[NOTE] The file was moved to the quarantine directory under the name '2316e54e.qua'.

C:\Users\Evan\AppData\Roaming\nrvtymn.exe

[DETECTION] Is the TR/VBKrypt.dfi Trojan

[NOTE] The file was moved to the quarantine directory under the name '762ba3f9.qua'.

C:\Users\Evan\AppData\Roaming\mycomputp.dll

[DETECTION] Is the TR/Spy.75776.26 Trojan

[WARNING] The file could not be copied to quarantine!

[WARNING] The file could not be deleted!

[NOTE] The file is scheduled for deleting after reboot.

C:\Users\Evan\AppData\Roaming\mrvphbz.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '1770b41c.qua'.

C:\Users\Evan\AppData\Roaming\mgnrzzq.exe

[DETECTION] Is the TR/VBKrypt.dqr.1 Trojan

[NOTE] The file was moved to the quarantine directory under the name '048c88fa.qua'.

C:\Users\Evan\AppData\Roaming\lrvjwjb.exe

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '162df432.qua'.

C:\Users\Evan\AppData\Roaming\jzcospg.exe

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '01509798.qua'.

C:\Users\Evan\AppData\Roaming\jflldmo.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '5b49a564.qua'.

C:\Users\Evan\AppData\Roaming\jdqetzt.exe

[DETECTION] Is the TR/VBKrypt.dbb Trojan

[NOTE] The file was moved to the quarantine directory under the name '7e49df76.qua'.

C:\Users\Evan\AppData\Roaming\iswztnt.exe

[DETECTION] Is the TR/VBKrypt.dbb Trojan

[NOTE] The file was moved to the quarantine directory under the name '0a08c776.qua'.

C:\Users\Evan\AppData\Roaming\iovzqpb.exe

[DETECTION] Is the TR/VBKrypt.dbb Trojan

[NOTE] The file was moved to the quarantine directory under the name '280b95f6.qua'.

C:\Users\Evan\AppData\Roaming\icbuxha.exe

[DETECTION] Is the TR/VBKrypt.dqr.1 Trojan

[NOTE] The file was moved to the quarantine directory under the name '5db4ed93.qua'.

C:\Users\Evan\AppData\Roaming\hyecael.exe

[DETECTION] Is the TR/VBKrypt.dfi Trojan

[NOTE] The file was moved to the quarantine directory under the name '76e0b1e5.qua'.

C:\Users\Evan\AppData\Roaming\hthpxiy.exe

[DETECTION] Is the TR/VBKrypt.dfi Trojan

[NOTE] The file was moved to the quarantine directory under the name '11baf95f.qua'.

C:\Users\Evan\AppData\Roaming\hpnjbyj.exe

[DETECTION] Is the TR/VBKrypt.dfi Trojan

[NOTE] The file was moved to the quarantine directory under the name '5ac0c045.qua'.

C:\Users\Evan\AppData\Roaming\gibmfis.exe

[DETECTION] Is the TR/VBKrypt.dbb Trojan

[NOTE] The file was moved to the quarantine directory under the name '5a0aca6d.qua'.

C:\Users\Evan\AppData\Roaming\gbsxcuo.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '10949f7a.qua'.

C:\Users\Evan\AppData\Roaming\ftocyye.exe

[DETECTION] Is the TR/VBKrypt.dfi Trojan

[NOTE] The file was moved to the quarantine directory under the name '7eb9b0c0.qua'.

C:\Users\Evan\AppData\Roaming\fqkenby.exe

[DETECTION] Is the TR/VBKrypt.dfi Trojan

[NOTE] The file was moved to the quarantine directory under the name '3395eebd.qua'.

C:\Users\Evan\AppData\Roaming\fncdtqe.exe

[DETECTION] Is the TR/VBKrypt.dbb Trojan

[NOTE] The file was moved to the quarantine directory under the name '5b89c985.qua'.

C:\Users\Evan\AppData\Roaming\dzoiakq.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '210cf358.qua'.

C:\Users\Evan\AppData\Roaming\dphmosj.exe

[DETECTION] Is the TR/VBKrypt.dbb Trojan

[NOTE] The file was moved to the quarantine directory under the name '5055af0b.qua'.

C:\Users\Evan\AppData\Roaming\cywelkj.exe

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '20a18512.qua'.

C:\Users\Evan\AppData\Roaming\cfxsibl.exe

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '5bd2f934.qua'.

C:\Users\Evan\AppData\Roaming\awqyfeb.exe

[DETECTION] Is the TR/VBKrypt.dbb Trojan

[NOTE] The file was moved to the quarantine directory under the name '15908a2f.qua'.

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\36c06809-4f45626b

[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit

[NOTE] The file was moved to the quarantine directory under the name '6bddf148.qua'.

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\1df965c9-3df06b51

[DETECTION] Contains recognition pattern of the JAVA/Agent.FK Java virus

[NOTE] The file was moved to the quarantine directory under the name '1f7ad90d.qua'.

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\6b535139-4390f394

[DETECTION] Contains recognition pattern of the JAVA/Runner.1458 Java virus

[NOTE] The file was moved to the quarantine directory under the name '14018566.qua'.

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\57e27139-10ff6385

[DETECTION] Contains recognition pattern of the JAVA/Agent.HN Java virus

[NOTE] The file was moved to the quarantine directory under the name '47a99691.qua'.

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\74d2e8f2-2ab473fc

[DETECTION] Contains recognition pattern of the JAVA/Agent.2212 Java virus

[NOTE] The file was moved to the quarantine directory under the name '22c1bdfc.qua'.

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\739d2831-518d9c2a

[DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus

[NOTE] The file was moved to the quarantine directory under the name '0a57ed5d.qua'.

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\3e36666f-7c2443af

[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit

[NOTE] The file was moved to the quarantine directory under the name '7eeab4d5.qua'.

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\6c959aab-2ea1f28e

[DETECTION] Contains recognition pattern of the JAVA/Agent.FK Java virus

[NOTE] The file was moved to the quarantine directory under the name '31f9cc5e.qua'.

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\2b8379a9-27f04b56

[DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus

[NOTE] The file was moved to the quarantine directory under the name '0e2c95f9.qua'.

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\15467029-6ee724b4

[DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus

[NOTE] The file was moved to the quarantine directory under the name '7406967c.qua'.

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\25b32d04-78122087

[DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus

[NOTE] The file was moved to the quarantine directory under the name '247c910c.qua'.

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\1c0702e6-7dd75de1

[DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus

[NOTE] The file was moved to the quarantine directory under the name '72029b7c.qua'.

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\56a12ea4-766692f8

[DETECTION] Contains recognition pattern of the JAVA/Rowindal.C Java virus

[NOTE] The file was moved to the quarantine directory under the name '35c39f9a.qua'.

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\47b837e3-38d16d90

[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit

[NOTE] The file was moved to the quarantine directory under the name '1688f119.qua'.

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\463e7fd4-3b0c8c21

[DETECTION] Contains recognition pattern of the JAVA/OpenStream.A Java virus

[NOTE] The file was moved to the quarantine directory under the name '5172d8f7.qua'.

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\15585d14-626fba8e

[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit

[NOTE] The file was moved to the quarantine directory under the name '23148b62.qua'.

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\521840ca-258e909e

[DETECTION] Contains recognition pattern of the JAVA/Dldr.Agent Java virus

[NOTE] The file was moved to the quarantine directory under the name '087fc871.qua'.

C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\4d43e080-492eb2c9

[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit

[NOTE] The file was moved to the quarantine directory under the name '4be3c6fc.qua'.

C:\Qoobox\Quarantine\C\Windows\System32\wininit.exe.vir

[DETECTION] Is the TR/Spy.96256.35 Trojan

[NOTE] The file was moved to the quarantine directory under the name '016bbfbf.qua'.

C:\Qoobox\Quarantine\C\Windows\framework.exe.vir

[DETECTION] Contains a recognition pattern of the (harmful) BDS/IRCBot.A.56 back-door program

[NOTE] The file was moved to the quarantine directory under the name '0c10a116.qua'.

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\wglkjwelgke.exe.vir

[DETECTION] Contains recognition pattern of the WORM/IrcBot.659456.A worm

[NOTE] The file was moved to the quarantine directory under the name '23c7e98f.qua'.

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\Run.exe.vir

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '1c0da097.qua'.

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\newcrypt.exe.vir

[DETECTION] Is the TR/VB.Inject.II.5 Trojan

[NOTE] The file was moved to the quarantine directory under the name '23f3b67d.qua'.

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\metus.exe.vir

[DETECTION] Contains recognition pattern of the WORM/Agent.123904.42 worm

[NOTE] The file was moved to the quarantine directory under the name '4635e6aa.qua'.

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\eraseme.exe.vir

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '6021c1b5.qua'.

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\Crypted.exe.vir

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '6ca492cd.qua'.

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\zrzysia.exe.vir

[DETECTION] Is the TR/Drop.Small.fhx.3 Trojan

[NOTE] The file was moved to the quarantine directory under the name '59c9e414.qua'.

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\zqbfyik.exe.vir

[DETECTION] Is the TR/Hijacker.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '22c1e35f.qua'.

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\xlsyxge.exe.vir

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '04f0e66f.qua'.

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\wznaqna.exe.vir

[DETECTION] Is the TR/Hijacker.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '6878aba7.qua'.

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\wydfbon.exe.vir

[DETECTION] Is the TR/Hijacker.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '4822be17.qua'.

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\uritwwj.exe.vir

[DETECTION] Is the TR/Drop.Small.fhx.3 Trojan

[NOTE] The file was moved to the quarantine directory under the name '2f18d4e3.qua'.

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\tacwijc.exe.vir

[DETECTION] Is the TR/Drop.Small.fhx.3 Trojan

[NOTE] The file was moved to the quarantine directory under the name '52e0b77c.qua'.

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\sijvkve.exe.vir

[DETECTION] Is the TR/Drop.Small.fhx.3 Trojan

[NOTE] The file was moved to the quarantine directory under the name '0ee2b81b.qua'.

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\rgyumdx.exe.vir

[DETECTION] Is the TR/Hijacker.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '46aa839b.qua'.

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\raid64.exe.vir

[DETECTION] Is the TR/Spy.Agent.212992 Trojan

[NOTE] The file was moved to the quarantine directory under the name '2862ee63.qua'.

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\qmphdby.exe.vir

[DETECTION] Is the TR/Hijacker.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '0dacb0b9.qua'.

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\pfiekwq.exe.vir

[DETECTION] Is the TR/ATRAPS.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '7fcca06c.qua'.

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\khwqjbc.exe.vir

[DETECTION] Is the TR/Hijacker.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '11259c9d.qua'.

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\jvmaatn.exe.vir

[DETECTION] Is the TR/Hijacker.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '7fcba405.qua'.

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\jmkfrya.exe.vir

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '01dbfde7.qua'.

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\jlffmtc.exe.vir

[DETECTION] Is the TR/Drop.Small.fhx.3 Trojan

[NOTE] The file was moved to the quarantine directory under the name '1851ad4a.qua'.

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\jktulqc.exe.vir

[DETECTION] Is the TR/Dldr.Delphi.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '08a0c28e.qua'.

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\icnsmhy.exe.vir

[DETECTION] Is the TR/Drop.Small.fhx.3 Trojan

[NOTE] The file was moved to the quarantine directory under the name '112fcfed.qua'.

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\hqqwuct.exe.vir

[DETECTION] Contains recognition pattern of the WORM/Agent.98304.D worm

[NOTE] The file was moved to the quarantine directory under the name '507292c0.qua'.

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\gxaltrj.exe.vir

[DETECTION] Is the TR/Drop.Small.fhx.3 Trojan

[NOTE] The file was moved to the quarantine directory under the name '5ec6c6a6.qua'.

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\gpufpcc.exe.vir

[DETECTION] Is the TR/Hijacker.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '72abc671.qua'.

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\eumglcu.exe.vir

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '4455e9c1.qua'.

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\ejeifad.exe.vir

[DETECTION] Is the TR/Drop.Small.fhx.3 Trojan

[NOTE] The file was moved to the quarantine directory under the name '440381ce.qua'.

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\dtrspqj.exe.vir

[DETECTION] Is the TR/Dldr.Delphi.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '3f1ebff0.qua'.

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\ddlovii.exe.vir

[DETECTION] Is the TR/Hijacker.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '3aad9cac.qua'.

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\aladumu.exe.vir

[DETECTION] Is the TR/Hijacker.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '550adbbb.qua'.

C:\Program Files\Electronic Arts\Burnout Paradise The Ultimate Box\Trainer\Burnout Paradise Trainer.exe

[DETECTION] Is the TR/Buzus.cinr Trojan

[NOTE] The file was moved to the quarantine directory under the name '7cb7a01e.qua'.

The repair notes were written to the file 'C:\avrescue\rescue.avp'.

End of the scan: Sunday, 5 December 2010 01:49

Used time: 38:43 Minute(s)

The scan has been done completely.

21601 Scanned directories

416254 Files were scanned

134 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

112 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

416120 Files not concerned

2337 Archives were scanned

1 Warnings

113 Notes

546485 Objects were scanned with rootkit scan

8 Hidden objects were found

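A note on reading a report like the one above: of the 134 hits, almost all are copies that ComboFix had already moved into C:\Qoobox\Quarantine (the `.vir` files) or Java applet-cache artifacts from a past drive-by exploit; the question a helper actually cares about is which detections were still live on disk. The following Python script is an added example, not code from this thread or from Avira, that parses Avira's report format and sorts findings by where they were found. The log excerpt inside it is copied from the report above; the location categories and the `classify` heuristic are my own assumptions.

```python
import re
from collections import Counter

# Excerpt of the Avira report posted above (paths and detection names copied from it).
SAMPLE_LOG = r"""
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\15585d14-626fba8e

[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit

[NOTE] The file was moved to the quarantine directory under the name '23148b62.qua'.

C:\Qoobox\Quarantine\C\Windows\System32\wininit.exe.vir

[DETECTION] Is the TR/Spy.96256.35 Trojan

[NOTE] The file was moved to the quarantine directory under the name '016bbfbf.qua'.

C:\Qoobox\Quarantine\C\Windows\framework.exe.vir

[DETECTION] Contains a recognition pattern of the (harmful) BDS/IRCBot.A.56 back-door program

[NOTE] The file was moved to the quarantine directory under the name '0c10a116.qua'.

C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\zrzysia.exe.vir

[DETECTION] Is the TR/Drop.Small.fhx.3 Trojan

[NOTE] The file was moved to the quarantine directory under the name '59c9e414.qua'.

C:\Program Files\Electronic Arts\Burnout Paradise The Ultimate Box\Trainer\Burnout Paradise Trainer.exe

[DETECTION] Is the TR/Buzus.cinr Trojan

[NOTE] The file was moved to the quarantine directory under the name '7cb7a01e.qua'.
"""

# A record in the report is three non-blank lines: path, [DETECTION], [NOTE].
PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETECTION_RE = re.compile(
    r"^\[DETECTION\]\s+(?:Is the|Contains (?:a )?recognition pattern of the)"
    r"(?:\s+\(harmful\))?\s+(\S+)"
)
NOTE_RE = re.compile(r"^\[NOTE\] .*under the name '([0-9a-f]+\.qua)'")


def parse_avira_log(text):
    """Return (path, detection_name, quarantine_file) triples from an Avira report."""
    records = []
    path = detection = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            path, detection = line, None
        elif (m := DETECTION_RE.match(line)) and path:
            detection = m.group(1)
        elif (m := NOTE_RE.match(line)) and path and detection:
            records.append((path, detection, m.group(1)))
            path = detection = None
    return records


def classify(path):
    """Heuristic (assumption, not Avira's): where the file sat when it was found."""
    low = path.lower()
    if low.startswith("c:\\qoobox\\quarantine\\"):
        return "already quarantined by ComboFix"
    if "\\sun\\java\\deployment\\cache\\" in low:
        return "Java applet cache (drive-by exploit artifact)"
    return "live on disk"


def summarize(text):
    """Count findings by location and by Avira family prefix; list what was still live."""
    records = parse_avira_log(text)
    by_location = Counter(classify(p) for p, _, _ in records)
    by_family = Counter(d.split("/", 1)[0] for _, d, _ in records)
    live = [(p, d) for p, d, _ in records if classify(p) == "live on disk"]
    return {"total": len(records), "by_location": by_location,
            "by_family": by_family, "live": live}


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print("findings:", result["total"])
    for where, n in result["by_location"].items():
        print(f"  {n:3d}  {where}")
    print("still live on disk:")
    for path, name in result["live"]:
        print(f"  {name}: {path}")
```

Run it against the full report by replacing `SAMPLE_LOG` with the file contents; on the excerpt it reports three ComboFix quarantine copies, one Java-cache artifact and a single live file (the game trainer), which is the short list a helper would follow up on.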

Go to Start > Control Panel > Add/Remove Programs.

Please remove these entries from Add/Remove Programs in the Control Panel

Malwarebytes Anti-Malware

Restart your PC. Then:

Download and run this utility: http://www.malwarebytes.org/mbam-clean.exe

It will ask to restart your computer (please allow it to).

Please download ATF Cleaner by Atribune.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

Click Exit on the Main menu to close the program.

Next

Please download Malwarebytes Anti-Malware from Here.

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
