Jump to content

e1wasf

Members
  • Posts

    15
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Done, done and done. Holy crap! Wow! I cannot thank you enough, mate.
  2. Malwarebytes' Anti-Malware 1.50 www.malwarebytes.org Database version: 5247 Windows 6.1.7601 Service Pack 1, v.178 Internet Explorer 8.0.7601.16562 5/12/2010 5:23:58 PM mbam-log-2010-12-05 (17-23-58).txt Scan type: Quick scan Objects scanned: 143937 Time elapsed: 2 minute(s), 44 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  3. Avira AntiVir Personal Report file date: Sunday, 5 December 2010 01:09 Scanning for 3118676 virus strains and unwanted programs. The program is running as an unrestricted full version. Online services are available: Licensee : Avira AntiVir Personal - FREE Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows 7 Windows version : (Service Pack 1, v.178) [6.1.7601] Boot mode : Normally booted Username : SYSTEM Computer name : EVAN-PC Version information: BUILD.DAT : 10.0.0.596 31825 Bytes 16/11/2010 15:57:00 AVSCAN.EXE : 10.0.3.1 434344 Bytes 2/08/2010 05:09:56 AVSCAN.DLL : 10.0.3.0 46440 Bytes 1/04/2010 02:57:04 LUKE.DLL : 10.0.2.3 104296 Bytes 2/08/2010 05:10:00 LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 13:40:49 VBASE000.VDF : 7.10.0.0 19875328 Bytes 6/11/2009 23:05:36 VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 09:27:49 VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 07:37:42 VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 06:37:42 VBASE004.VDF : 7.10.4.203 1579008 Bytes 5/03/2010 01:29:03 VBASE005.VDF : 7.10.6.82 2494464 Bytes 15/04/2010 05:10:03 VBASE006.VDF : 7.10.7.218 2294784 Bytes 2/06/2010 05:10:04 VBASE007.VDF : 7.10.9.165 4840960 Bytes 23/07/2010 05:10:06 VBASE008.VDF : 7.10.11.133 3454464 Bytes 13/09/2010 14:02:12 VBASE009.VDF : 7.10.13.80 2265600 Bytes 2/11/2010 14:02:21 VBASE010.VDF : 7.10.13.81 2048 Bytes 2/11/2010 14:02:22 VBASE011.VDF : 7.10.13.82 2048 Bytes 2/11/2010 14:02:22 VBASE012.VDF : 7.10.13.83 2048 Bytes 2/11/2010 14:02:23 VBASE013.VDF : 7.10.13.116 147968 Bytes 4/11/2010 14:02:24 VBASE014.VDF : 7.10.13.147 146944 Bytes 7/11/2010 14:02:27 VBASE015.VDF : 7.10.13.180 123904 Bytes 9/11/2010 14:02:28 VBASE016.VDF : 7.10.13.211 122368 Bytes 11/11/2010 14:02:31 VBASE017.VDF : 7.10.13.243 147456 Bytes 15/11/2010 14:02:33 VBASE018.VDF : 7.10.14.15 142848 Bytes 17/11/2010 14:02:35 VBASE019.VDF : 7.10.14.41 134144 Bytes 19/11/2010 14:02:36 VBASE020.VDF : 7.10.14.63 128000 Bytes 22/11/2010 14:02:37 VBASE021.VDF : 7.10.14.87 143872 Bytes 24/11/2010 14:02:39 VBASE022.VDF : 7.10.14.116 140800 Bytes 26/11/2010 14:02:41 VBASE023.VDF : 7.10.14.147 150528 Bytes 30/11/2010 14:02:43 VBASE024.VDF : 7.10.14.175 126464 Bytes 3/12/2010 14:02:45 VBASE025.VDF : 7.10.14.176 2048 Bytes 3/12/2010 14:02:45 VBASE026.VDF : 7.10.14.177 2048 Bytes 3/12/2010 14:02:46 VBASE027.VDF : 7.10.14.178 2048 Bytes 3/12/2010 14:02:46 VBASE028.VDF : 7.10.14.179 2048 Bytes 3/12/2010 14:02:46 VBASE029.VDF : 7.10.14.180 2048 Bytes 3/12/2010 14:02:47 VBASE030.VDF : 7.10.14.181 2048 Bytes 3/12/2010 14:02:47 VBASE031.VDF : 7.10.14.189 37888 Bytes 3/12/2010 14:02:48 Engineversion : 8.2.4.120 AEVDF.DLL : 8.1.2.1 106868 Bytes 2/08/2010 05:09:54 AESCRIPT.DLL : 8.1.3.48 1286524 Bytes 4/12/2010 14:03:21 AESCN.DLL : 8.1.7.2 127349 Bytes 4/12/2010 14:03:18 AESBX.DLL : 8.1.3.2 254324 Bytes 4/12/2010 14:03:23 AERDL.DLL : 8.1.9.2 635252 Bytes 4/12/2010 14:03:17 AEPACK.DLL : 8.2.4.1 512375 Bytes 4/12/2010 14:03:14 AEOFFICE.DLL : 8.1.1.10 201084 Bytes 4/12/2010 14:03:10 AEHEUR.DLL : 8.1.2.52 3109238 Bytes 4/12/2010 14:03:09 AEHELP.DLL : 8.1.16.0 246136 Bytes 4/12/2010 14:02:59 AEGEN.DLL : 8.1.5.0 397685 Bytes 4/12/2010 14:02:58 AEEMU.DLL : 8.1.3.0 393589 Bytes 4/12/2010 14:02:56 AECORE.DLL : 8.1.19.0 196984 Bytes 4/12/2010 14:02:54 AEBB.DLL : 8.1.1.0 53618 Bytes 2/08/2010 05:09:48 AVWINLL.DLL : 10.0.0.0 19304 Bytes 2/08/2010 05:09:56 AVPREF.DLL : 10.0.0.0 44904 Bytes 2/08/2010 05:09:55 AVREP.DLL : 10.0.0.8 62209 Bytes 17/06/2010 04:27:13 AVREG.DLL : 10.0.3.2 53096 Bytes 2/08/2010 05:09:55 AVSCPLR.DLL : 10.0.3.1 83816 Bytes 2/08/2010 05:09:56 AVARKT.DLL : 10.0.0.14 227176 Bytes 2/08/2010 05:09:54 AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 2/08/2010 05:09:55 SQLITE3.DLL : 3.6.19.0 355688 Bytes 17/06/2010 04:27:22 AVSMTP.DLL : 10.0.0.17 63848 Bytes 2/08/2010 05:09:56 NETNT.DLL : 10.0.0.0 11624 Bytes 17/06/2010 04:27:21 RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28/01/2010 03:10:20 RCTEXT.DLL : 10.0.58.0 97128 Bytes 2/08/2010 05:10:08 Configuration settings for the scan: Jobname.............................: Complete system scan Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp Logging.............................: low Primary action......................: interactive Secondary action....................: ignore Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: C:, D:, Process scan........................: on Extended process scan...............: on Scan registry.......................: on Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: medium Start of the scan: Sunday, 5 December 2010 01:09 Starting search for hidden objects. HKEY_USERS\S-1-5-21-2818589939-313886579-481562505-1000\Software\SecuROM\License information\datasecu [NOTE] The registry entry is invisible. HKEY_USERS\S-1-5-21-2818589939-313886579-481562505-1000\Software\SecuROM\License information\rkeysecu [NOTE] The registry entry is invisible. HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\1C7\52C64B7E\languagelist [NOTE] The registry entry is invisible. HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\1C7\52C64B7E\@%systemroot%\system32\p2pcollab.dll,-8042 [NOTE] The registry entry is invisible. HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\1C7\52C64B7E\@%systemroot%\system32\qagentrt.dll,-10 [NOTE] The registry entry is invisible. HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\1C7\52C64B7E\@%systemroot%\system32\dnsapi.dll,-103 [NOTE] The registry entry is invisible. HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\1C7\52C64B7E\@%systemroot%\system32\fveui.dll,-843 [NOTE] The registry entry is invisible. HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\1C7\52C64B7E\@%systemroot%\system32\fveui.dll,-844 [NOTE] The registry entry is invisible. The scan of running processes will be started Scan process 'opera.exe' - '107' Module(s) have been scanned Scan process 'svchost.exe' - '28' Module(s) have been scanned Scan process 'vssvc.exe' - '47' Module(s) have been scanned Scan process 'avscan.exe' - '80' Module(s) have been scanned Scan process 'avscan.exe' - '28' Module(s) have been scanned Scan process 'avcenter.exe' - '75' Module(s) have been scanned Scan process 'DllHost.exe' - '40' Module(s) have been scanned Scan process 'svchost.exe' - '59' Module(s) have been scanned Scan process 'wmiprvse.exe' - '33' Module(s) have been scanned Scan process 'svchost.exe' - '67' Module(s) have been scanned Scan process 'wmpnetwk.exe' - '103' Module(s) have been scanned Scan process 'SearchIndexer.exe' - '49' Module(s) have been scanned Scan process 'wweb32.exe' - '32' Module(s) have been scanned Scan process 'Rainmeter.exe' - '76' Module(s) have been scanned Scan process 'HUD.exe' - '34' Module(s) have been scanned Scan process 'avgnt.exe' - '57' Module(s) have been scanned Scan process 'jusched.exe' - '25' Module(s) have been scanned Scan process 'reader_sl.exe' - '20' Module(s) have been scanned Scan process 'VDeck.exe' - '57' Module(s) have been scanned Scan process 'itype.exe' - '59' Module(s) have been scanned Scan process 'Explorer.EXE' - '189' Module(s) have been scanned Scan process 'taskhost.exe' - '50' Module(s) have been scanned Scan process 'Dwm.exe' - '31' Module(s) have been scanned Scan process 'svchost.exe' - '37' Module(s) have been scanned Scan process 'conhost.exe' - '14' Module(s) have been scanned Scan process 'avshadow.exe' - '31' Module(s) have been scanned Scan process 'WLIDSvcM.exe' - '17' Module(s) have been scanned Scan process 'WLIDSVC.EXE' - '79' Module(s) have been scanned Scan process 'svchost.exe' - '32' Module(s) have been scanned Scan process 'sppsvc.exe' - '27' Module(s) have been scanned Scan process 'NBService.exe' - '51' Module(s) have been scanned Scan process 'FsUsbExService.Exe' - '24' Module(s) have been scanned Scan process 'mDNSResponder.exe' - '32' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '33' Module(s) have been scanned Scan process 'avguard.exe' - '71' Module(s) have been scanned Scan process 'svchost.exe' - '62' Module(s) have been scanned Scan process 'sched.exe' - '50' Module(s) have been scanned Scan process 'spoolsv.exe' - '92' Module(s) have been scanned Scan process 'nvvsvc.exe' - '43' Module(s) have been scanned Scan process 'svchost.exe' - '88' Module(s) have been scanned Scan process 'svchost.exe' - '87' Module(s) have been scanned Scan process 'AUDIODG.EXE' - '47' Module(s) have been scanned Scan process 'svchost.exe' - '150' Module(s) have been scanned Scan process 'svchost.exe' - '114' Module(s) have been scanned Scan process 'svchost.exe' - '103' Module(s) have been scanned Scan process 'svchost.exe' - '34' Module(s) have been scanned Scan process 'nvvsvc.exe' - '30' Module(s) have been scanned Scan process 'svchost.exe' - '52' Module(s) have been scanned Scan process 'winlogon.exe' - '31' Module(s) have been scanned Scan process 'lsm.exe' - '16' Module(s) have been scanned Scan process 'lsass.exe' - '72' Module(s) have been scanned Scan process 'services.exe' - '33' Module(s) have been scanned Scan process 'wininit.exe' - '26' Module(s) have been scanned Scan process 'csrss.exe' - '16' Module(s) have been scanned Scan process 'csrss.exe' - '16' Module(s) have been scanned Scan process 'smss.exe' - '2' Module(s) have been scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'D:\' [iNFO] No virus was found! Starting to scan executable files (registry). The registry was scanned ( '383' files ). Starting the file scan: Begin scan in 'C:\' C:\Program Files\Electronic Arts\Burnout Paradise The Ultimate Box\Trainer\Burnout Paradise Trainer.exe [DETECTION] Is the TR/Buzus.cinr Trojan C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\aladumu.exe.vir [DETECTION] Is the TR/Hijacker.Gen Trojan C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\ddlovii.exe.vir [DETECTION] Is the TR/Hijacker.Gen Trojan C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\dtrspqj.exe.vir [DETECTION] Is the TR/Dldr.Delphi.Gen Trojan C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\ejeifad.exe.vir [DETECTION] Is the TR/Drop.Small.fhx.3 Trojan C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\eumglcu.exe.vir [DETECTION] Is the TR/Dropper.Gen Trojan C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\gpufpcc.exe.vir [DETECTION] Is the TR/Hijacker.Gen Trojan C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\gxaltrj.exe.vir [DETECTION] Is the TR/Drop.Small.fhx.3 Trojan C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\hqqwuct.exe.vir [DETECTION] Contains recognition pattern of the WORM/Agent.98304.D worm C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\icnsmhy.exe.vir [DETECTION] Is the TR/Drop.Small.fhx.3 Trojan C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\jktulqc.exe.vir [DETECTION] Is the TR/Dldr.Delphi.Gen Trojan C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\jlffmtc.exe.vir [DETECTION] Is the TR/Drop.Small.fhx.3 Trojan C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\jmkfrya.exe.vir [DETECTION] Is the TR/Dropper.Gen Trojan C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\jvmaatn.exe.vir [DETECTION] Is the TR/Hijacker.Gen Trojan C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\khwqjbc.exe.vir [DETECTION] Is the TR/Hijacker.Gen Trojan C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\pfiekwq.exe.vir [DETECTION] Is the TR/ATRAPS.Gen Trojan --> Object [DETECTION] Is the TR/ATRAPS.Gen Trojan C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\qmphdby.exe.vir [DETECTION] Is the TR/Hijacker.Gen Trojan C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\raid64.exe.vir [DETECTION] Is the TR/Spy.Agent.212992 Trojan C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\rgyumdx.exe.vir [DETECTION] Is the TR/Hijacker.Gen Trojan C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\sijvkve.exe.vir [DETECTION] Is the TR/Drop.Small.fhx.3 Trojan C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\tacwijc.exe.vir [DETECTION] Is the TR/Drop.Small.fhx.3 Trojan C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\uritwwj.exe.vir [DETECTION] Is the TR/Drop.Small.fhx.3 Trojan C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\wydfbon.exe.vir [DETECTION] Is the TR/Hijacker.Gen Trojan C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\wznaqna.exe.vir [DETECTION] Is the TR/Hijacker.Gen Trojan C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\xlsyxge.exe.vir [DETECTION] Is the TR/Dropper.Gen Trojan C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\zqbfyik.exe.vir [DETECTION] Is the TR/Hijacker.Gen Trojan C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\zrzysia.exe.vir [DETECTION] Is the TR/Drop.Small.fhx.3 Trojan C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\Crypted.exe.vir [DETECTION] Is the TR/Dropper.Gen Trojan C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\eraseme.exe.vir [DETECTION] Is the TR/Dropper.Gen Trojan C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\metus.exe.vir [DETECTION] Contains recognition pattern of the WORM/Agent.123904.42 worm C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\newcrypt.exe.vir [DETECTION] Is the TR/VB.Inject.II.5 Trojan C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\Run.exe.vir [DETECTION] Is the TR/Dropper.Gen Trojan C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\wglkjwelgke.exe.vir [DETECTION] Contains recognition pattern of the WORM/IrcBot.659456.A worm C:\Qoobox\Quarantine\C\Windows\framework.exe.vir [DETECTION] Contains a recognition pattern of the (harmful) BDS/IRCBot.A.56 back-door program C:\Qoobox\Quarantine\C\Windows\System32\wininit.exe.vir [DETECTION] Is the TR/Spy.96256.35 Trojan C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\4d43e080-492eb2c9 [0] Archive type: ZIP [DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit --> vmain.class [DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\521840ca-258e909e [0] Archive type: ZIP [DETECTION] Contains recognition pattern of the JAVA/Dldr.Agent Java virus --> bpac/a.class [DETECTION] Contains recognition pattern of the JAVA/Dldr.Agent Java virus C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\15585d14-626fba8e [0] Archive type: ZIP [DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit --> vmain.class [DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\463e7fd4-3b0c8c21 [0] Archive type: ZIP [DETECTION] Contains recognition pattern of the JAVA/OpenStream.A Java virus --> bpac/Bombapack.class [DETECTION] Contains recognition pattern of the JAVA/OpenStream.A Java virus C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\47b837e3-38d16d90 [0] Archive type: ZIP [DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit --> vmain.class [DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\56a12ea4-766692f8 [0] Archive type: ZIP [DETECTION] Contains recognition pattern of the JAVA/Rowindal.A Java virus --> CustomClass.class [DETECTION] Contains recognition pattern of the JAVA/Rowindal.A Java virus --> dostuff.class [DETECTION] Contains recognition pattern of the JAVA/Rowindal.B Java virus --> mosdef.class [DETECTION] Contains recognition pattern of the JAVA/Agent.C Java virus --> SiteError.class [DETECTION] Contains recognition pattern of the JAVA/Agent.D Java virus --> SuperPolicy.class [DETECTION] Contains recognition pattern of the JAVA/Rowindal.C Java virus C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\1c0702e6-7dd75de1 [0] Archive type: ZIP [DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus --> vload.class [DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus --> vmain.class [DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\25b32d04-78122087 [0] Archive type: ZIP [DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus --> vload.class [DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus --> vmain.class [DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\15467029-6ee724b4 [0] Archive type: ZIP [DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus --> vload.class [DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus --> vmain.class [DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\2b8379a9-27f04b56 [0] Archive type: ZIP [DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus --> vload.class [DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus --> vmain.class [DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\6c959aab-2ea1f28e [0] Archive type: ZIP [DETECTION] Contains recognition pattern of the JAVA/OpenStream.E Java virus --> a4cb9b1a8a5.class [DETECTION] Contains recognition pattern of the JAVA/OpenStream.E Java virus --> a66d578f084.class [DETECTION] Contains recognition pattern of the JAVA/Agent.EZ Java virus --> aa79d1019d8.class [DETECTION] Contains recognition pattern of the JAVA/Agent.FB Java virus --> ab16db71cdc.class [DETECTION] Contains recognition pattern of the JAVA/Agent.FH Java virus --> ab5601d4848.class [DETECTION] Contains recognition pattern of the JAVA/Agent.FI Java virus --> ae28546890f.class [DETECTION] Contains recognition pattern of the JAVA/Agent.FJ Java virus --> af439f03798.class [DETECTION] Contains recognition pattern of the JAVA/Agent.FK Java virus C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\3e36666f-7c2443af [0] Archive type: ZIP [DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit --> vmain.class [DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\739d2831-518d9c2a [0] Archive type: ZIP [DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus --> vload.class [DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus --> vmain.class [DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\74d2e8f2-2ab473fc [0] Archive type: ZIP [DETECTION] Contains recognition pattern of the JAVA/Agent.2212 Java virus --> bpac/a.class [DETECTION] Contains recognition pattern of the JAVA/Agent.2212 Java virus C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\57e27139-10ff6385 [0] Archive type: ZIP [DETECTION] Contains recognition pattern of the JAVA/Agent.HN Java virus --> bpac/a.class [DETECTION] Contains recognition pattern of the JAVA/Agent.HN Java virus C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\6b535139-4390f394 [0] Archive type: ZIP [DETECTION] Contains recognition pattern of the JAVA/Runner.1458 Java virus --> Client.class [DETECTION] Contains recognition pattern of the JAVA/Runner.1458 Java virus C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\1df965c9-3df06b51 [0] Archive type: ZIP [DETECTION] Contains recognition pattern of the JAVA/OpenStream.E Java virus --> a4cb9b1a8a5.class [DETECTION] Contains recognition pattern of the JAVA/OpenStream.E Java virus --> a66d578f084.class [DETECTION] Contains recognition pattern of the JAVA/Agent.EZ Java virus --> aa79d1019d8.class [DETECTION] Contains recognition pattern of the JAVA/Agent.FB Java virus --> ab16db71cdc.class [DETECTION] Contains recognition pattern of the JAVA/Agent.FH Java virus --> ab5601d4848.class [DETECTION] Contains recognition pattern of the JAVA/Agent.FI Java virus --> ae28546890f.class [DETECTION] Contains recognition pattern of the JAVA/Agent.FJ Java virus --> af439f03798.class [DETECTION] Contains recognition pattern of the JAVA/Agent.FK Java virus C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\36c06809-4f45626b [0] Archive type: ZIP [DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit --> vmain.class [DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit C:\Users\Evan\AppData\Roaming\awqyfeb.exe [DETECTION] Is the TR/VBKrypt.dbb Trojan C:\Users\Evan\AppData\Roaming\cfxsibl.exe [DETECTION] Is the TR/Trash.Gen Trojan C:\Users\Evan\AppData\Roaming\cywelkj.exe [DETECTION] Is the TR/Trash.Gen Trojan C:\Users\Evan\AppData\Roaming\dphmosj.exe [DETECTION] Is the TR/VBKrypt.dbb Trojan C:\Users\Evan\AppData\Roaming\dzoiakq.exe [DETECTION] Is the TR/Dropper.Gen Trojan C:\Users\Evan\AppData\Roaming\fncdtqe.exe [DETECTION] Is the TR/VBKrypt.dbb Trojan C:\Users\Evan\AppData\Roaming\fqkenby.exe [DETECTION] Is the TR/VBKrypt.dfi Trojan C:\Users\Evan\AppData\Roaming\ftocyye.exe [DETECTION] Is the TR/VBKrypt.dfi Trojan C:\Users\Evan\AppData\Roaming\gbsxcuo.exe [DETECTION] Is the TR/Dropper.Gen Trojan C:\Users\Evan\AppData\Roaming\gibmfis.exe [DETECTION] Is the TR/VBKrypt.dbb Trojan C:\Users\Evan\AppData\Roaming\hpnjbyj.exe [DETECTION] Is the TR/VBKrypt.dfi Trojan C:\Users\Evan\AppData\Roaming\hthpxiy.exe [DETECTION] Is the TR/VBKrypt.dfi Trojan C:\Users\Evan\AppData\Roaming\hyecael.exe [DETECTION] Is the TR/VBKrypt.dfi Trojan C:\Users\Evan\AppData\Roaming\icbuxha.exe [DETECTION] Is the TR/VBKrypt.dqr.1 Trojan C:\Users\Evan\AppData\Roaming\iovzqpb.exe [DETECTION] Is the TR/VBKrypt.dbb Trojan C:\Users\Evan\AppData\Roaming\iswztnt.exe [DETECTION] Is the TR/VBKrypt.dbb Trojan C:\Users\Evan\AppData\Roaming\jdqetzt.exe [DETECTION] Is the TR/VBKrypt.dbb Trojan C:\Users\Evan\AppData\Roaming\jflldmo.exe [DETECTION] Is the TR/Dropper.Gen Trojan C:\Users\Evan\AppData\Roaming\jzcospg.exe [DETECTION] Is the TR/Trash.Gen Trojan C:\Users\Evan\AppData\Roaming\lrvjwjb.exe [DETECTION] Is the TR/Trash.Gen Trojan C:\Users\Evan\AppData\Roaming\mgnrzzq.exe [DETECTION] Is the TR/VBKrypt.dqr.1 Trojan C:\Users\Evan\AppData\Roaming\mrvphbz.exe [DETECTION] Is the TR/Dropper.Gen Trojan C:\Users\Evan\AppData\Roaming\mycomputp.dll [DETECTION] Is the TR/Spy.75776.26 Trojan C:\Users\Evan\AppData\Roaming\nrvtymn.exe [DETECTION] Is the TR/VBKrypt.dfi Trojan C:\Users\Evan\AppData\Roaming\nuotiem.exe [DETECTION] Is the TR/VBKrypt.dbb Trojan C:\Users\Evan\AppData\Roaming\olntwll.exe [DETECTION] Is the TR/Dropper.Gen Trojan C:\Users\Evan\AppData\Roaming\ovujbzz.exe [DETECTION] Is the TR/VBKrypt.dbb Trojan C:\Users\Evan\AppData\Roaming\packet.exe [DETECTION] Is the TR/VBKrypt.dlc Trojan C:\Users\Evan\AppData\Roaming\pdiolxr.exe [DETECTION] Is the TR/Dropper.Gen Trojan C:\Users\Evan\AppData\Roaming\qbowqth.exe [DETECTION] Is the TR/Trash.Gen Trojan C:\Users\Evan\AppData\Roaming\qjgskpq.exe [DETECTION] Is the TR/Dropper.Gen Trojan C:\Users\Evan\AppData\Roaming\quscblv.exe [DETECTION] Is the TR/VBKrypt.dbb Trojan C:\Users\Evan\AppData\Roaming\rapthsp.exe [DETECTION] Is the TR/Trash.Gen Trojan C:\Users\Evan\AppData\Roaming\rrhflfq.exe [DETECTION] Is the TR/VBKrypt.dbb Trojan C:\Users\Evan\AppData\Roaming\shtgurs.exe [DETECTION] Is the TR/VBKrypt.dqr.1 Trojan C:\Users\Evan\AppData\Roaming\tlwkvcl.exe [DETECTION] Is the TR/Dropper.Gen Trojan C:\Users\Evan\AppData\Roaming\trpjyqb.exe [DETECTION] Is the TR/VBKrypt.dfi Trojan C:\Users\Evan\AppData\Roaming\uigljis.exe [DETECTION] Is the TR/VBKrypt.dfi Trojan C:\Users\Evan\AppData\Roaming\uuxwtnm.exe [DETECTION] Is the TR/Dropper.Gen Trojan C:\Users\Evan\AppData\Roaming\vckypiz.exe [DETECTION] Is the TR/VBKrypt.dbb Trojan C:\Users\Evan\AppData\Roaming\vhmnzzq.exe [DETECTION] Is the TR/VBKrypt.dbb Trojan C:\Users\Evan\AppData\Roaming\vhuhykr.exe [DETECTION] Is the TR/VBKrypt.dfi Trojan C:\Users\Evan\AppData\Roaming\vuwnufn.exe [DETECTION] Is the TR/Trash.Gen Trojan C:\Users\Evan\AppData\Roaming\vwvbwzl.exe [DETECTION] Is the TR/Dropper.Gen Trojan C:\Users\Evan\AppData\Roaming\ycwwfnz.exe [DETECTION] Is the TR/VBKrypt.dqr.1 Trojan C:\Users\Evan\AppData\Roaming\ymdjsau.exe [DETECTION] Is the TR/Trash.Gen Trojan C:\Users\Evan\AppData\Roaming\ysybmyz.exe [DETECTION] Is the TR/VBKrypt.dfi Trojan C:\Users\Evan\AppData\Roaming\yvrfwyu.exe [DETECTION] Is the TR/Dropper.Gen Trojan C:\Users\Evan\AppData\Roaming\zculrje.exe [DETECTION] Is the TR/Trash.Gen Trojan C:\Users\Evan\AppData\Roaming\zlyqlpy.exe [DETECTION] Is the TR/VBKrypt.dbb Trojan C:\Users\Evan\AppData\Roaming\Microsoft\sierra.exe [DETECTION] Is the TR/Trash.Gen Trojan Begin scan in 'D:\' D:\Documents\KeyProwler Pro 3.3.6.0 www.shoptinhoc.com\KeyProwler Pro v3.3.6.0.exe [DETECTION] Is the TR/Agent.4964526 Trojan D:\Music\Opeth\opeth - damnation - in my time of need.mp3 [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit D:\Music\Opeth\opeth - harvest.mp3 [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit D:\Music\Pantera\pantera - cementery gates.mp3 [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit D:\Music\Pantera\pantera - the great southern trendkill - floods.mp3 [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit D:\Music\Pantera\pantera - this love.mp3 [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit D:\Music\Rockstar Supernova\Magni - When the Time Comes (original).mp3 [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit D:\Music\Rockstar Supernova\Rock Star Supernova - Dilana - SuperSoul.mp3 [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit D:\Warez\Nero.v9.4.26.0.Ultra.Edition.Incl.KEYMAKER-NOTM\Nero-9.4.26.0_trial.exe [0] Archive type: NSIS [DETECTION] Is the TR/Dldr.Inject.ahi Trojan --> [unknownDir]/LiveUpdate.exe [DETECTION] Is the TR/Dldr.Inject.ahi Trojan Beginning disinfection: D:\Warez\Nero.v9.4.26.0.Ultra.Edition.Incl.KEYMAKER-NOTM\Nero-9.4.26.0_trial.exe [DETECTION] Is the TR/Dldr.Inject.ahi Trojan [NOTE] The file was moved to the quarantine directory under the name '480cf1b0.qua'. D:\Music\Rockstar Supernova\Rock Star Supernova - Dilana - SuperSoul.mp3 [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit [NOTE] The file was moved to the quarantine directory under the name '50aade2b.qua'. D:\Music\Rockstar Supernova\Magni - When the Time Comes (original).mp3 [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit [NOTE] The file was moved to the quarantine directory under the name '02c984fd.qua'. D:\Music\Pantera\pantera - this love.mp3 [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit [NOTE] The file was moved to the quarantine directory under the name '64f7cb3f.qua'. D:\Music\Pantera\pantera - the great southern trendkill - floods.mp3 [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit [NOTE] The file was moved to the quarantine directory under the name '2173e604.qua'. D:\Music\Pantera\pantera - cementery gates.mp3 [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit [NOTE] The file was moved to the quarantine directory under the name '5e68d466.qua'. D:\Music\Opeth\opeth - harvest.mp3 [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit [NOTE] The file was moved to the quarantine directory under the name '12e7f803.qua'. D:\Music\Opeth\opeth - damnation - in my time of need.mp3 [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit [NOTE] The file was moved to the quarantine directory under the name '6effb851.qua'. D:\Documents\KeyProwler Pro 3.3.6.0 www.shoptinhoc.com\KeyProwler Pro v3.3.6.0.exe [DETECTION] Is the TR/Agent.4964526 Trojan [NOTE] The file was moved to the quarantine directory under the name '43899707.qua'. C:\Users\Evan\AppData\Roaming\Microsoft\sierra.exe [DETECTION] Is the TR/Trash.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '5acdac99.qua'. C:\Users\Evan\AppData\Roaming\zlyqlpy.exe [DETECTION] Is the TR/VBKrypt.dbb Trojan [NOTE] The file was moved to the quarantine directory under the name '36bd80b4.qua'. C:\Users\Evan\AppData\Roaming\zculrje.exe [DETECTION] Is the TR/Trash.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '4718b936.qua'. C:\Users\Evan\AppData\Roaming\yvrfwyu.exe [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '490189ec.qua'. C:\Users\Evan\AppData\Roaming\ysybmyz.exe [DETECTION] Is the TR/VBKrypt.dfi Trojan [NOTE] The file was moved to the quarantine directory under the name '0c37f0a3.qua'. C:\Users\Evan\AppData\Roaming\ymdjsau.exe [DETECTION] Is the TR/Trash.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '0511f40e.qua'. C:\Users\Evan\AppData\Roaming\ycwwfnz.exe [DETECTION] Is the TR/VBKrypt.dqr.1 Trojan [NOTE] The file was moved to the quarantine directory under the name '5d7fed71.qua'. C:\Users\Evan\AppData\Roaming\vwvbwzl.exe [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '718a94a1.qua'. C:\Users\Evan\AppData\Roaming\vuwnufn.exe [DETECTION] Is the TR/Trash.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '4f75f479.qua'. C:\Users\Evan\AppData\Roaming\vhuhykr.exe [DETECTION] Is the TR/VBKrypt.dfi Trojan [NOTE] The file was moved to the quarantine directory under the name '2c65df1f.qua'. C:\Users\Evan\AppData\Roaming\vhmnzzq.exe [DETECTION] Is the TR/VBKrypt.dbb Trojan [NOTE] The file was moved to the quarantine directory under the name '0aa59f02.qua'. C:\Users\Evan\AppData\Roaming\vckypiz.exe [DETECTION] Is the TR/VBKrypt.dbb Trojan [NOTE] The file was moved to the quarantine directory under the name '3833e4ac.qua'. C:\Users\Evan\AppData\Roaming\uuxwtnm.exe [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '3261cfcc.qua'. C:\Users\Evan\AppData\Roaming\uigljis.exe [DETECTION] Is the TR/VBKrypt.dfi Trojan [NOTE] The file was moved to the quarantine directory under the name '0d21ab9d.qua'. C:\Users\Evan\AppData\Roaming\trpjyqb.exe [DETECTION] Is the TR/VBKrypt.dfi Trojan [NOTE] The file was moved to the quarantine directory under the name '7306a7a1.qua'. C:\Users\Evan\AppData\Roaming\tlwkvcl.exe [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '2665a36c.qua'. C:\Users\Evan\AppData\Roaming\shtgurs.exe [DETECTION] Is the TR/VBKrypt.dqr.1 Trojan [NOTE] The file was moved to the quarantine directory under the name '2becd258.qua'. C:\Users\Evan\AppData\Roaming\rrhflfq.exe [DETECTION] Is the TR/VBKrypt.dbb Trojan [NOTE] The file was moved to the quarantine directory under the name '37bdc64a.qua'. C:\Users\Evan\AppData\Roaming\rapthsp.exe [DETECTION] Is the TR/Trash.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '06668b95.qua'. C:\Users\Evan\AppData\Roaming\quscblv.exe [DETECTION] Is the TR/VBKrypt.dbb Trojan [NOTE] The file was moved to the quarantine directory under the name '6a379fbf.qua'. C:\Users\Evan\AppData\Roaming\qjgskpq.exe [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '23a1bab2.qua'. C:\Users\Evan\AppData\Roaming\qbowqth.exe [DETECTION] Is the TR/Trash.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '783cb27b.qua'. C:\Users\Evan\AppData\Roaming\pdiolxr.exe [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '1e84be90.qua'. C:\Users\Evan\AppData\Roaming\packet.exe [DETECTION] Is the TR/VBKrypt.dlc Trojan [NOTE] The file was moved to the quarantine directory under the name '4934cc35.qua'. C:\Users\Evan\AppData\Roaming\ovujbzz.exe [DETECTION] Is the TR/VBKrypt.dbb Trojan [NOTE] The file was moved to the quarantine directory under the name '6b769b5a.qua'. C:\Users\Evan\AppData\Roaming\olntwll.exe [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '0361e1c2.qua'. C:\Users\Evan\AppData\Roaming\nuotiem.exe [DETECTION] Is the TR/VBKrypt.dbb Trojan [NOTE] The file was moved to the quarantine directory under the name '2316e54e.qua'. C:\Users\Evan\AppData\Roaming\nrvtymn.exe [DETECTION] Is the TR/VBKrypt.dfi Trojan [NOTE] The file was moved to the quarantine directory under the name '762ba3f9.qua'. C:\Users\Evan\AppData\Roaming\mycomputp.dll [DETECTION] Is the TR/Spy.75776.26 Trojan [WARNING] The file could not be copied to quarantine! [WARNING] The file could not be deleted! [NOTE] The file is scheduled for deleting after reboot. C:\Users\Evan\AppData\Roaming\mrvphbz.exe [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '1770b41c.qua'. C:\Users\Evan\AppData\Roaming\mgnrzzq.exe [DETECTION] Is the TR/VBKrypt.dqr.1 Trojan [NOTE] The file was moved to the quarantine directory under the name '048c88fa.qua'. C:\Users\Evan\AppData\Roaming\lrvjwjb.exe [DETECTION] Is the TR/Trash.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '162df432.qua'. C:\Users\Evan\AppData\Roaming\jzcospg.exe [DETECTION] Is the TR/Trash.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '01509798.qua'. C:\Users\Evan\AppData\Roaming\jflldmo.exe [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '5b49a564.qua'. C:\Users\Evan\AppData\Roaming\jdqetzt.exe [DETECTION] Is the TR/VBKrypt.dbb Trojan [NOTE] The file was moved to the quarantine directory under the name '7e49df76.qua'. C:\Users\Evan\AppData\Roaming\iswztnt.exe [DETECTION] Is the TR/VBKrypt.dbb Trojan [NOTE] The file was moved to the quarantine directory under the name '0a08c776.qua'. C:\Users\Evan\AppData\Roaming\iovzqpb.exe [DETECTION] Is the TR/VBKrypt.dbb Trojan [NOTE] The file was moved to the quarantine directory under the name '280b95f6.qua'. C:\Users\Evan\AppData\Roaming\icbuxha.exe [DETECTION] Is the TR/VBKrypt.dqr.1 Trojan [NOTE] The file was moved to the quarantine directory under the name '5db4ed93.qua'. C:\Users\Evan\AppData\Roaming\hyecael.exe [DETECTION] Is the TR/VBKrypt.dfi Trojan [NOTE] The file was moved to the quarantine directory under the name '76e0b1e5.qua'. C:\Users\Evan\AppData\Roaming\hthpxiy.exe [DETECTION] Is the TR/VBKrypt.dfi Trojan [NOTE] The file was moved to the quarantine directory under the name '11baf95f.qua'. C:\Users\Evan\AppData\Roaming\hpnjbyj.exe [DETECTION] Is the TR/VBKrypt.dfi Trojan [NOTE] The file was moved to the quarantine directory under the name '5ac0c045.qua'. C:\Users\Evan\AppData\Roaming\gibmfis.exe [DETECTION] Is the TR/VBKrypt.dbb Trojan [NOTE] The file was moved to the quarantine directory under the name '5a0aca6d.qua'. C:\Users\Evan\AppData\Roaming\gbsxcuo.exe [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '10949f7a.qua'. C:\Users\Evan\AppData\Roaming\ftocyye.exe [DETECTION] Is the TR/VBKrypt.dfi Trojan [NOTE] The file was moved to the quarantine directory under the name '7eb9b0c0.qua'. C:\Users\Evan\AppData\Roaming\fqkenby.exe [DETECTION] Is the TR/VBKrypt.dfi Trojan [NOTE] The file was moved to the quarantine directory under the name '3395eebd.qua'. C:\Users\Evan\AppData\Roaming\fncdtqe.exe [DETECTION] Is the TR/VBKrypt.dbb Trojan [NOTE] The file was moved to the quarantine directory under the name '5b89c985.qua'. C:\Users\Evan\AppData\Roaming\dzoiakq.exe [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '210cf358.qua'. C:\Users\Evan\AppData\Roaming\dphmosj.exe [DETECTION] Is the TR/VBKrypt.dbb Trojan [NOTE] The file was moved to the quarantine directory under the name '5055af0b.qua'. C:\Users\Evan\AppData\Roaming\cywelkj.exe [DETECTION] Is the TR/Trash.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '20a18512.qua'. C:\Users\Evan\AppData\Roaming\cfxsibl.exe [DETECTION] Is the TR/Trash.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '5bd2f934.qua'. C:\Users\Evan\AppData\Roaming\awqyfeb.exe [DETECTION] Is the TR/VBKrypt.dbb Trojan [NOTE] The file was moved to the quarantine directory under the name '15908a2f.qua'. C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\36c06809-4f45626b [DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit [NOTE] The file was moved to the quarantine directory under the name '6bddf148.qua'. C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\1df965c9-3df06b51 [DETECTION] Contains recognition pattern of the JAVA/Agent.FK Java virus [NOTE] The file was moved to the quarantine directory under the name '1f7ad90d.qua'. C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\6b535139-4390f394 [DETECTION] Contains recognition pattern of the JAVA/Runner.1458 Java virus [NOTE] The file was moved to the quarantine directory under the name '14018566.qua'. C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\57e27139-10ff6385 [DETECTION] Contains recognition pattern of the JAVA/Agent.HN Java virus [NOTE] The file was moved to the quarantine directory under the name '47a99691.qua'. C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\74d2e8f2-2ab473fc [DETECTION] Contains recognition pattern of the JAVA/Agent.2212 Java virus [NOTE] The file was moved to the quarantine directory under the name '22c1bdfc.qua'. C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\739d2831-518d9c2a [DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus [NOTE] The file was moved to the quarantine directory under the name '0a57ed5d.qua'. C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\3e36666f-7c2443af [DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit [NOTE] The file was moved to the quarantine directory under the name '7eeab4d5.qua'. C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\6c959aab-2ea1f28e [DETECTION] Contains recognition pattern of the JAVA/Agent.FK Java virus [NOTE] The file was moved to the quarantine directory under the name '31f9cc5e.qua'. C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\2b8379a9-27f04b56 [DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus [NOTE] The file was moved to the quarantine directory under the name '0e2c95f9.qua'. C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\15467029-6ee724b4 [DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus [NOTE] The file was moved to the quarantine directory under the name '7406967c.qua'. C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\25b32d04-78122087 [DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus [NOTE] The file was moved to the quarantine directory under the name '247c910c.qua'. C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\1c0702e6-7dd75de1 [DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus [NOTE] The file was moved to the quarantine directory under the name '72029b7c.qua'. C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\56a12ea4-766692f8 [DETECTION] Contains recognition pattern of the JAVA/Rowindal.C Java virus [NOTE] The file was moved to the quarantine directory under the name '35c39f9a.qua'. C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\47b837e3-38d16d90 [DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit [NOTE] The file was moved to the quarantine directory under the name '1688f119.qua'. C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\463e7fd4-3b0c8c21 [DETECTION] Contains recognition pattern of the JAVA/OpenStream.A Java virus [NOTE] The file was moved to the quarantine directory under the name '5172d8f7.qua'. C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\15585d14-626fba8e [DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit [NOTE] The file was moved to the quarantine directory under the name '23148b62.qua'. C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\521840ca-258e909e [DETECTION] Contains recognition pattern of the JAVA/Dldr.Agent Java virus [NOTE] The file was moved to the quarantine directory under the name '087fc871.qua'. C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\4d43e080-492eb2c9 [DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit [NOTE] The file was moved to the quarantine directory under the name '4be3c6fc.qua'. C:\Qoobox\Quarantine\C\Windows\System32\wininit.exe.vir [DETECTION] Is the TR/Spy.96256.35 Trojan [NOTE] The file was moved to the quarantine directory under the name '016bbfbf.qua'. C:\Qoobox\Quarantine\C\Windows\framework.exe.vir [DETECTION] Contains a recognition pattern of the (harmful) BDS/IRCBot.A.56 back-door program [NOTE] The file was moved to the quarantine directory under the name '0c10a116.qua'. C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\wglkjwelgke.exe.vir [DETECTION] Contains recognition pattern of the WORM/IrcBot.659456.A worm [NOTE] The file was moved to the quarantine directory under the name '23c7e98f.qua'. C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\Run.exe.vir [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '1c0da097.qua'. C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\newcrypt.exe.vir [DETECTION] Is the TR/VB.Inject.II.5 Trojan [NOTE] The file was moved to the quarantine directory under the name '23f3b67d.qua'. C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\metus.exe.vir [DETECTION] Contains recognition pattern of the WORM/Agent.123904.42 worm [NOTE] The file was moved to the quarantine directory under the name '4635e6aa.qua'. C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\eraseme.exe.vir [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '6021c1b5.qua'. C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\Crypted.exe.vir [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '6ca492cd.qua'. C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\zrzysia.exe.vir [DETECTION] Is the TR/Drop.Small.fhx.3 Trojan [NOTE] The file was moved to the quarantine directory under the name '59c9e414.qua'. C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\zqbfyik.exe.vir [DETECTION] Is the TR/Hijacker.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '22c1e35f.qua'. C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\xlsyxge.exe.vir [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '04f0e66f.qua'. C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\wznaqna.exe.vir [DETECTION] Is the TR/Hijacker.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '6878aba7.qua'. C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\wydfbon.exe.vir [DETECTION] Is the TR/Hijacker.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '4822be17.qua'. C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\uritwwj.exe.vir [DETECTION] Is the TR/Drop.Small.fhx.3 Trojan [NOTE] The file was moved to the quarantine directory under the name '2f18d4e3.qua'. C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\tacwijc.exe.vir [DETECTION] Is the TR/Drop.Small.fhx.3 Trojan [NOTE] The file was moved to the quarantine directory under the name '52e0b77c.qua'. C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\sijvkve.exe.vir [DETECTION] Is the TR/Drop.Small.fhx.3 Trojan [NOTE] The file was moved to the quarantine directory under the name '0ee2b81b.qua'. C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\rgyumdx.exe.vir [DETECTION] Is the TR/Hijacker.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '46aa839b.qua'. C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\raid64.exe.vir [DETECTION] Is the TR/Spy.Agent.212992 Trojan [NOTE] The file was moved to the quarantine directory under the name '2862ee63.qua'. C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\qmphdby.exe.vir [DETECTION] Is the TR/Hijacker.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '0dacb0b9.qua'. C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\pfiekwq.exe.vir [DETECTION] Is the TR/ATRAPS.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '7fcca06c.qua'. C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\khwqjbc.exe.vir [DETECTION] Is the TR/Hijacker.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '11259c9d.qua'. C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\jvmaatn.exe.vir [DETECTION] Is the TR/Hijacker.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '7fcba405.qua'. C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\jmkfrya.exe.vir [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '01dbfde7.qua'. C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\jlffmtc.exe.vir [DETECTION] Is the TR/Drop.Small.fhx.3 Trojan [NOTE] The file was moved to the quarantine directory under the name '1851ad4a.qua'. C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\jktulqc.exe.vir [DETECTION] Is the TR/Dldr.Delphi.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '08a0c28e.qua'. C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\icnsmhy.exe.vir [DETECTION] Is the TR/Drop.Small.fhx.3 Trojan [NOTE] The file was moved to the quarantine directory under the name '112fcfed.qua'. C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\hqqwuct.exe.vir [DETECTION] Contains recognition pattern of the WORM/Agent.98304.D worm [NOTE] The file was moved to the quarantine directory under the name '507292c0.qua'. C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\gxaltrj.exe.vir [DETECTION] Is the TR/Drop.Small.fhx.3 Trojan [NOTE] The file was moved to the quarantine directory under the name '5ec6c6a6.qua'. C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\gpufpcc.exe.vir [DETECTION] Is the TR/Hijacker.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '72abc671.qua'. C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\eumglcu.exe.vir [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '4455e9c1.qua'. C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\ejeifad.exe.vir [DETECTION] Is the TR/Drop.Small.fhx.3 Trojan [NOTE] The file was moved to the quarantine directory under the name '440381ce.qua'. C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\dtrspqj.exe.vir [DETECTION] Is the TR/Dldr.Delphi.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '3f1ebff0.qua'. C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\ddlovii.exe.vir [DETECTION] Is the TR/Hijacker.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '3aad9cac.qua'. C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\aladumu.exe.vir [DETECTION] Is the TR/Hijacker.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '550adbbb.qua'. C:\Program Files\Electronic Arts\Burnout Paradise The Ultimate Box\Trainer\Burnout Paradise Trainer.exe [DETECTION] Is the TR/Buzus.cinr Trojan [NOTE] The file was moved to the quarantine directory under the name '7cb7a01e.qua'. The repair notes were written to the file 'C:\avrescue\rescue.avp'. End of the scan: Sunday, 5 December 2010 01:49 Used time: 38:43 Minute(s) The scan has been done completely. 21601 Scanned directories 416254 Files were scanned 134 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 112 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 416120 Files not concerned 2337 Archives were scanned 1 Warnings 113 Notes 546485 Objects were scanned with rootkit scan 8 Hidden objects were found
  4. ComboFix 10-12-03.03 - Evan 05/12/2010 0:21.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3327.2541 [GMT 11:00] Running from: c:\users\Evan\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\Evan\AppData\Roaming\aladumu.exe c:\users\Evan\AppData\Roaming\ddlovii.exe c:\users\Evan\AppData\Roaming\dtrspqj.exe c:\users\Evan\AppData\Roaming\eehzkak.exe c:\users\Evan\AppData\Roaming\ejeifad.exe c:\users\Evan\AppData\Roaming\eumglcu.exe c:\users\Evan\AppData\Roaming\fkfivbs.exe c:\users\Evan\AppData\Roaming\gpufpcc.exe c:\users\Evan\AppData\Roaming\gxaltrj.exe c:\users\Evan\AppData\Roaming\hqqwuct.exe c:\users\Evan\AppData\Roaming\icnsmhy.exe c:\users\Evan\AppData\Roaming\jjwepwp.exe c:\users\Evan\AppData\Roaming\jktulqc.exe c:\users\Evan\AppData\Roaming\jlffmtc.exe c:\users\Evan\AppData\Roaming\jmkfrya.exe c:\users\Evan\AppData\Roaming\jvmaatn.exe c:\users\Evan\AppData\Roaming\khwqjbc.exe c:\users\Evan\AppData\Roaming\Microsoft\Crypted.exe c:\users\Evan\AppData\Roaming\Microsoft\eraseme.exe c:\users\Evan\AppData\Roaming\Microsoft\metus.exe c:\users\Evan\AppData\Roaming\Microsoft\newcrypt.exe c:\users\Evan\AppData\Roaming\Microsoft\Run.exe c:\users\Evan\AppData\Roaming\Microsoft\wglkjwelgke.exe c:\users\Evan\AppData\Roaming\pfiekwq.exe c:\users\Evan\AppData\Roaming\ptibrrh.exe c:\users\Evan\AppData\Roaming\qmphdby.exe c:\users\Evan\AppData\Roaming\raid64.exe c:\users\Evan\AppData\Roaming\rgyumdx.exe c:\users\Evan\AppData\Roaming\sijvkve.exe c:\users\Evan\AppData\Roaming\tacwijc.exe c:\users\Evan\AppData\Roaming\tahjmdr.exe c:\users\Evan\AppData\Roaming\uritwwj.exe c:\users\Evan\AppData\Roaming\wydfbon.exe c:\users\Evan\AppData\Roaming\wznaqna.exe c:\users\Evan\AppData\Roaming\xlsyxge.exe c:\users\Evan\AppData\Roaming\xuxqnoh.exe c:\users\Evan\AppData\Roaming\zqbfyik.exe c:\users\Evan\AppData\Roaming\zrzysia.exe c:\windows\framework.exe Infected copy of c:\windows\explorer.exe was found and disinfected Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.16562_none_53841795d828c730\explorer.exe Infected copy of c:\windows\System32\wininit.exe was found and disinfected Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe Infected copy of c:\windows\explorer.exe was found and disinfected Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.16562_none_53841795d828c730\explorer.exe . ((((((((((((((((((((((((( Files Created from 2010-11-04 to 2010-12-04 ))))))))))))))))))))))))))))))) . 2010-12-04 13:25 . 2010-12-04 13:27 -------- d-----w- c:\users\Evan\AppData\Local\temp 2010-12-04 13:25 . 2010-12-04 13:25 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-12-03 20:53 . 2010-12-03 20:53 -------- d-----w- c:\program files\Common Files\Java 2010-12-03 20:53 . 2010-12-03 20:53 -------- d-----w- c:\program files\Java 2010-12-03 18:22 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CEF266C6-F3E1-4AE8-B172-276EE4CB8BF8}\mpengine.dll 2010-12-03 18:21 . 2010-12-03 18:21 388096 ----a-r- c:\users\Evan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-12-03 18:10 . 2010-12-03 18:10 -------- d-----w- c:\windows\system32\%LocalAppData% 2010-12-03 12:11 . 2010-12-03 12:11 -------- d-----w- c:\program files\Trend Micro 2010-12-01 09:26 . 2009-07-14 01:16 90624 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LXKPTPRC.DLL 2010-11-16 16:45 . 2010-11-16 17:11 -------- d-----w- c:\users\Evan\AppData\Roaming\Mobipocket 2010-11-16 16:45 . 2010-11-16 16:45 -------- d-----w- c:\program files\Mobipocket.com 2010-11-13 06:21 . 2010-11-13 06:21 -------- d-----w- c:\users\Evan\AppData\Local\Activision 2010-11-13 06:21 . 2010-06-01 17:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll 2010-11-13 06:21 . 2010-06-01 17:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll 2010-11-13 06:21 . 2010-06-01 17:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll 2010-11-13 06:21 . 2010-05-26 00:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll 2010-11-13 06:21 . 2010-05-26 00:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll 2010-11-13 06:21 . 2010-05-26 00:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll 2010-11-13 06:21 . 2010-05-26 00:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll 2010-11-13 06:21 . 2010-05-26 00:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll 2010-11-13 06:01 . 2010-11-13 06:01 -------- d-----w- c:\program files\Activision 2010-11-06 00:37 . 2010-11-06 00:37 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-03 20:53 . 2010-06-08 06:32 472808 ----a-w- c:\windows\system32\deployJava1.dll 2010-10-18 23:41 . 2009-11-14 01:14 222080 ------w- c:\windows\system32\MpSigStub.exe 2010-09-22 13:47 . 2010-09-22 13:47 49016 ----a-w- c:\windows\system32\sirenacm.dll 2010-09-22 13:32 . 2010-09-22 13:32 301936 ----a-w- c:\windows\WLXPGSS.SCR 2010-09-21 03:03 . 2010-09-21 03:03 208768 ----a-w- c:\windows\system32\LIVESSP.DLL . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate] @="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}" [HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}] 2010-06-03 14:53 442368 ----a-w- c:\windows\System32\ntshrui.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-06-01 1501064] "HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2008-09-16 16982016] "NPSStartup"="" [bU] "framework"="framework.exe" [bU] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] c:\users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ GIGABYTE Gamer HUD Lite.lnk - c:\program files\GIGABYTE\Gamer HUD Lite\HUD.exe [2009-6-30 1678848] Rainmeter.exe - Shortcut.lnk - c:\program files\Rainmeter\Rainmeter.exe [2009-11-1 119296] WordWeb Pro.lnk - c:\program files\WordWeb\wweb32.exe [2009-11-14 42176] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] @="IEEE 1394 Bus host controllers" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] @="SBP2 IEEE 1394 Devices" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] @="SecurityDevices" [HKLM\~\startupfolder\C:^Users^Evan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk] path=c:\users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-20 12:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-09-22 17:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent] 2009-05-12 23:22 102400 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDS] c:\users\Evan\AppData\Roaming\Microsoft\svchost.exe [bU] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Driver Control Manager v2.2] c:\users\Evan\AppData\Local\Temp\staklic.exe [bU] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core] 2008-07-22 01:34 2772992 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager] 2009-04-06 23:13 673616 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON TX110 Series] 2008-09-25 20:00 199680 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIFBP.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Framework] c:\users\Evan\AppData\Local\Temp\dxdiag.exe [bU] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GodServices] c:\users\Evan\AppData\Local\Temp\godservices.exe [bU] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 01:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKCU] c:\users\Evan\AppData\Roaming\install\Svchost.exe [bU] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint] 2009-06-01 02:51 1468296 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Security Service] c:\systemfiles\x-f-324553-12314-3344-1\ise32.exe [bU] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2009-11-12 05:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)] 2010-04-29 05:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft] c:\users\Evan\AppData\Roaming\Microsoft\svchost.exe [bU] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Protector] c:\users\Evan\AppData\Roaming\winlogon.exe [bU] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-09-22 13:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 00:50 155648 ----a-w- c:\windows\System32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Packet Monitor] 2010-07-22 16:33 266240 ----a-w- c:\users\Evan\AppData\Roaming\packet.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outbreak.exe] c:\windows\outbreak.exe [bU] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] 2009-11-09 03:17 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-11-10 12:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2010-06-03 14:51 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartServiceWKKBTRRS] c:\users\Evan\AppData\Local\WKKBTRRS\StartService.exe [bU] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Startup] c:\users\Evan\AppData\Roaming\Microsoft\svchost.exe [bU] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StrokeIt] 2009-06-16 17:52 24712 ----a-w- c:\program files\TCB Networks\StrokeIt\strokeit.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System RAID Manager] c:\users\Evan\AppData\Roaming\raid64.exe [bU] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDoS] c:\users\Evan\AppData\Roaming\WinDoS.exe [bU] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defense] c:\users\Evan\AppData\Roaming\winlogon.exe [bU] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Firewall] c:\users\Evan\AppData\Local\Temp\svchost.exe [bU] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update] c:\users\Evan\AppData\Roaming\Microsoft\winupdate.exe [bU] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinsysMon] c:\users\Evan\Desktop\Nero.v9.4.26.0.Ultra.Edition.Incl.KEYMAKER-NOTM\LiveUpdate.exe [bU] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XA5RJ9EADJ] c:\users\Evan\AppData\Local\Temp\Ezr.exe [bU] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YVIBBBHA8C] c:\users\Evan\AppData\Local\Temp\Ezq.exe [bU] R2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\system32\drivers\1394ohci.sys [2010-06-03 164352] R3 AcpiPmi;ACPI Power Meter Driver;c:\windows\system32\drivers\acpipmi.sys [2010-06-03 10240] R3 adp94xx;adp94xx;c:\windows\system32\DRIVERS\adp94xx.sys [2009-07-14 422976] R3 adpahci;adpahci;c:\windows\system32\DRIVERS\adpahci.sys [2009-07-14 297552] R3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys [2010-06-03 80264] R3 amdsbs;amdsbs;c:\windows\system32\DRIVERS\amdsbs.sys [2009-07-14 159312] R3 AppID;AppID Driver;c:\windows\system32\drivers\appid.sys [2009-07-13 50176] R3 AppIDSvc;Application Identity;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 arcsas;arcsas;c:\windows\system32\DRIVERS\arcsas.sys [2009-07-14 86608] R3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\DRIVERS\bxvbdx.sys [2009-07-13 430080] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888] R3 BDESVC;BitLocker Drive Encryption Service;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\DRIVERS\BrFiltLo.sys [2009-07-13 13568] R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\DRIVERS\BrFiltUp.sys [2009-07-13 5248] R3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\Drivers\Brserid.sys [2009-07-14 272128] R3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\Drivers\BrSerWdm.sys [2009-07-13 62336] R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\Drivers\BrUsbMdm.sys [2009-07-13 12160] R3 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 circlass;Consumer IR Devices;c:\windows\system32\DRIVERS\circlass.sys [2009-07-13 37888] R3 defragsvc;Disk Defragmenter;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\DRIVERS\evbdx.sys [2009-07-13 3100160] R3 elxstor;elxstor;c:\windows\system32\DRIVERS\elxstor.sys [2009-07-14 453712] R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [2009-07-13 28160] R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys [2009-07-14 46160] R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [2009-07-13 26624] R3 HpSAMD;HpSAMD;c:\windows\system32\DRIVERS\HpSAMD.sys [2009-07-14 67152] R3 iaStorV;Intel RAID Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys [2010-06-03 332168] R3 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys [2010-06-03 65536] R3 iScsiPrt;iScsiPort Driver;c:\windows\system32\drivers\msiscsi.sys [2010-06-03 232840] R3 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 LSI_FC;LSI_FC;c:\windows\system32\DRIVERS\lsi_fc.sys [2009-07-14 95824] R3 LSI_SAS;LSI_SAS;c:\windows\system32\DRIVERS\lsi_sas.sys [2009-07-14 89168] R3 LSI_SAS2;LSI_SAS2;c:\windows\system32\DRIVERS\lsi_sas2.sys [2009-07-14 54864] R3 LSI_SCSI;LSI_SCSI;c:\windows\system32\DRIVERS\lsi_scsi.sys [2009-07-14 96848] R3 megasas;megasas;c:\windows\system32\DRIVERS\megasas.sys [2009-07-14 30800] R3 mpio;Microsoft Multi-Path Bus Driver;c:\windows\system32\drivers\mpio.sys [2010-06-03 130440] R3 msahci;msahci;c:\windows\system32\drivers\msahci.sys [2010-06-03 28040] R3 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\system32\drivers\msdsm.sys [2010-06-03 116104] R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [2009-07-13 4096] R3 MSiSCSI;Microsoft iSCSI Initiator Service;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 MsRPC;MsRPC; [x] R3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\DRIVERS\MTConfig.sys [2009-07-13 12288] R3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [2009-07-13 267264] R3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys [2009-07-13 27136] R3 nfrd960;nfrd960;c:\windows\system32\DRIVERS\nfrd960.sys [2009-07-14 44624] R3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [2010-06-03 143752] R3 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 PeerDistSvc;BranchCache;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 ql2300;ql2300;c:\windows\system32\DRIVERS\ql2300.sys [2009-07-14 1383488] R3 ql40xx;ql40xx;c:\windows\system32\DRIVERS\ql40xx.sys [2009-07-14 106064] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-06-03 15872] R3 s3cap;s3cap;c:\windows\system32\DRIVERS\vms3cap.sys [2009-07-13 5632] R3 scfilter;Smart card PnP Class Filter Driver;c:\windows\system32\DRIVERS\scfilter.sys [2010-06-03 26624] R3 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 SensrSvc;Adaptive Brightness;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 SessionEnv;Remote Desktop Configuration;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [2009-07-13 12288] R3 SiSRaid4;SiSRaid4;c:\windows\system32\DRIVERS\sisraid4.sys [2009-07-14 77888] R3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);c:\windows\system32\DRIVERS\smb.sys [2009-07-13 71168] R3 sppuinotify;SPP Notification Service;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-19 90112] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-19 14976] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-19 121856] R3 stexstor;stexstor;c:\windows\system32\DRIVERS\stexstor.sys [2009-07-14 21072] R3 storvsc;storvsc;c:\windows\system32\drivers\storvsc.sys [2010-06-03 28032] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 TBS;TPM Base Services;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\DRIVERS\terminpt.sys [2010-06-03 25600] R3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [2010-06-03 204800] R3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [2010-06-03 31232] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-06-03 50048] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 UI0Detect;Interactive Services Detection;c:\windows\system32\UI0Detect.exe [2009-07-14 35840] R3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys [2009-07-14 57424] R3 UmRdpService;Remote Desktop Services UserMode Port Redirector;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\drivers\usbcir.sys [2009-07-13 86016] R3 VaultSvc;Credential Manager;c:\windows\system32\lsass.exe [2009-07-14 22528] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 vhdmp;vhdmp;c:\windows\system32\drivers\vhdmp.sys [2010-06-03 159616] R3 ViaC7;VIA C7 Processor Driver;c:\windows\system32\DRIVERS\viac7.sys [2009-07-13 52736] R3 VMBusHID;VMBusHID;c:\windows\system32\DRIVERS\VMBusHID.sys [2009-07-13 17920] R3 vsmraid;vsmraid;c:\windows\system32\DRIVERS\vsmraid.sys [2009-07-14 141904] R3 vwifibus;Virtual WiFi Bus Driver;c:\windows\System32\drivers\vwifibus.sys [2009-07-13 19968] R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys [2009-07-13 21632] R3 wbengine;Block Level Backup Engine Service;c:\windows\system32\wbengine.exe [2009-07-14 1202688] R3 WbioSrvc;Windows Biometric Service;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 Wd;Wd;c:\windows\system32\DRIVERS\wd.sys [2009-07-14 19024] R3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 wercplsupport;Problem Reports and Solutions Control Panel Support;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 WIMMount;WIMMount;c:\windows\system32\drivers\wimmount.sys [2009-07-14 19008] R3 WinRM;Windows Remote Management (WS-Management);c:\windows\System32\svchost.exe [2009-07-14 20992] R3 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 WwanSvc;WWAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 20992] R4 Mcx2Svc;Media Center Extender Service;c:\windows\system32\svchost.exe [2009-07-14 20992] S0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys [2010-06-03 22408] S0 CLFS;Common Log (CLFS);c:\windows\System32\CLFS.sys [2009-07-14 249408] S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [2009-07-14 369568] S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [2009-07-14 58448] S0 fvevol;Bitlocker Drive Encryption Filter Driver;c:\windows\System32\DRIVERS\fvevol.sys [2010-06-03 194808] S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [2010-06-03 14216] S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [2009-07-14 133200] S0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys [2009-07-14 13888] S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [2009-07-14 43088] S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [2010-06-03 173448] S0 spldr;Security Processor Loader Driver; [x] S0 storflt;Disk Virtual Machine Bus Acceleration Filter Driver;c:\windows\system32\drivers\vmstorfl.sys [2010-06-03 40712] S0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\system32\drivers\vdrvroot.sys [2009-07-14 32832] S0 vmbus;Virtual Machine Bus;c:\windows\system32\drivers\vmbus.sys [2010-06-03 176008] S0 volmgr;Volume Manager Driver;c:\windows\system32\drivers\volmgr.sys [2010-06-03 53128] S0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [2009-07-14 297040] S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [2009-07-13 35328] S1 CSC;Offline Files Driver;c:\windows\system32\drivers\csc.sys [2010-06-03 388096] S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [2010-06-03 78336] S1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [2009-07-13 32256] S1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [2009-07-13 16896] S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [2009-07-14 6656] S1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys [2009-07-14 7168] S1 tdx;NetIO Legacy TDI Support Driver;c:\windows\system32\DRIVERS\tdx.sys [2010-06-03 74240] S1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\system32\DRIVERS\wanarp.sys [2010-06-03 63488] S1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys [2009-07-13 9728] S2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 CscService;Offline Files;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-05-10 233472] S2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [2009-07-13 48128] S2 luafv;UAC File Virtualization;c:\windows\system32\drivers\luafv.sys [2009-07-13 86528] S2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [2009-07-14 586752] S2 Power;Power;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 RpcEptMapper;RPC Endpoint Mapper;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe [2010-06-03 3179520] S2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [2010-06-03 35328] S2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe [2009-07-14 20992] S3 Appinfo;Application Information;c:\windows\system32\svchost.exe [2009-07-14 20992] S3 bowser;Browser Support Driver;c:\windows\system32\DRIVERS\bowser.sys [2009-07-13 69632] S3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\system32\DRIVERS\CompositeBus.sys [2009-07-13 31232] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2009-06-01 21392] S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [2010-06-03 728448] S3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe [2009-07-14 20992] S3 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe [2009-07-14 20992] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-05-10 36608] S3 HomeGroupListener;HomeGroup Listener;c:\windows\System32\svchost.exe [2009-07-14 20992] S3 HomeGroupProvider;HomeGroup Provider;c:\windows\System32\svchost.exe [2009-07-14 20992] S3 KeyIso;CNG Key Isolation;c:\windows\system32\lsass.exe [2009-07-14 22528] S3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\system32\DRIVERS\monitor.sys [2009-07-13 23552] S3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\system32\drivers\mpsdrv.sys [2009-07-13 60416] S3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [2010-06-03 222208] S3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [2010-06-03 95744] S3 netprofm;Network List Service;c:\windows\System32\svchost.exe [2009-07-14 20992] S3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys [2009-07-13 49152] S3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys [2009-07-14 18944] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776] S3 srv2;Server SMB 2.xxx Driver;c:\windows\system32\DRIVERS\srv2.sys [2010-06-03 307200] S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [2010-06-03 113664] S3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\system32\DRIVERS\tunnel.sys [2010-06-03 108544] S3 umbus;UMBus Enumerator Driver;c:\windows\system32\drivers\umbus.sys [2010-06-03 39936] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-09-08 901120] S3 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe [2009-07-14 20992] S3 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe [2009-07-14 20992] S3 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe [2009-07-14 20992] --- Other Services/Drivers In Memory --- *NewlyCreated* - FSUSBEXDISK [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] RPCSS REG_MULTI_SZ RpcEptMapper RpcSs defragsvc REG_MULTI_SZ defragsvc WerSvcGroup REG_MULTI_SZ wersvc LocalServiceNoNetwork REG_MULTI_SZ DPS PLA BFE mpssvc WwanSvc swprv REG_MULTI_SZ swprv LocalServicePeerNet REG_MULTI_SZ PNRPSvc p2pimsvc p2psvc PnrpAutoReg NetworkServiceAndNoImpersonation REG_MULTI_SZ KtmRm regsvc REG_MULTI_SZ RemoteRegistry LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent sdrsvc REG_MULTI_SZ sdrsvc WbioSvcGroup REG_MULTI_SZ WbioSrvc wcssvc REG_MULTI_SZ WcsPlugInService AxInstSVGroup REG_MULTI_SZ AxInstSV secsvcs REG_MULTI_SZ WinDefend PeerDist REG_MULTI_SZ PeerDistSvc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs AeLookupSvc CertPropSvc SCPolicySvc lanmanserver gpsvc IKEEXT AudioSrv FastUserSwitchingCompatibility Nla NWCWorkstation SRService Wmi WmdmPmSp TermService wuauserv BITS ShellHWDetection LogonHours PCAudit helpsvc uploadmgr iphlpsvc seclogon AppInfo msiscsi MMCSS wercplsupport EapHost ProfSvc schedule hkmsvc SessionEnv winmgmt browser Themes BDESVC AppMgmt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted homegrouplistener HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService WdiServiceHost sppuinotify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService lanmanworkstation HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted BthHFSrv homegroupprovider [HKEY_CURRENT_USER\software\microsoft\active setup\installed components\{FDEBDB3F-BD6F-FDF9-C2FC-DACABC0EFA2D}] c:\users\Evan\AppData\Local\Temp\msconfig.exe [bU] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.ninemsn.com.au/ uInternet Settings,ProxyOverride = *.local . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-05 00:27 Windows 6.1.7601 Service Pack 1, v.178 NTFS detected NTDLL code modification: ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-05 00:27 Windows 6.1.7601 Service Pack 1, v.178 NTFS detected NTDLL code modification: ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-05 00:27 Windows 6.1.7601 Service Pack 1, v.178 NTFS detected NTDLL code modification: ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-05 00:27 Windows 6.1.7601 Service Pack 1, v.178 NTFS detected NTDLL code modification: ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-05 00:27 Windows 6.1.7601 Service Pack 1, v.178 NTFS detected NTDLL code modification: ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-05 00:27 Windows 6.1.7601 Service Pack 1, v.178 NTFS detected NTDLL code modification: ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-05 00:27 Windows 6.1.7601 Service Pack 1, v.178 NTFS detected NTDLL code modification: ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-05 00:27 Windows 6.1.7601 Service Pack 1, v.178 NTFS detected NTDLL code modification: ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-05 00:27 Windows 6.1.7601 Service Pack 1, v.178 NTFS detected NTDLL code modification: ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-05 00:27 Windows 6.1.7601 Service Pack 1, v.178 NTFS detected NTDLL code modification: ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-05 00:27 Windows 6.1.7601 Service Pack 1, v.178 NTFS detected NTDLL code modification: ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-2818589939-313886579-481562505-1000\Software\SecuROM\License information*] "datasecu"=hex:07,37,cc,61,5a,d0,52,78,34,12,c1,93,40,fc,db,dc,d4,0f,3a,a7,8c, fe,10,76,76,c2,25,36,19,92,f5,3e,f9,62,17,ec,e0,f1,d1,89,5c,ab,c1,86,b9,78,\ "rkeysecu"=hex:d5,0a,79,73,61,f8,40,ae,45,cd,7f,f7,94,a1,ff,c8 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvvsvc.exe c:\windows\system32\AUDIODG.EXE c:\windows\system32\nvvsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\DllHost.exe . ************************************************************************** . Completion time: 2010-12-05 00:29:24 - machine was rebooted ComboFix-quarantined-files.txt 2010-12-04 13:29 ComboFix2.txt 2010-12-03 13:59 ComboFix3.txt 2010-12-03 13:16 Pre-Run: 13,405,892,608 bytes free Post-Run: 13,627,445,248 bytes free - - End Of File - - 1B0F8273C4950F991ACE18042CE737C6
  5. ESET log: C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\56a12ea4-766692f8 multiple threats C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\1c0702e6-7dd75de1 probably a variant of Win32/Agent.FXHNPDJ trojan C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\25b32d04-78122087 probably a variant of Win32/Agent.FXHNPDJ trojan C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\15467029-6ee724b4 probably a variant of Win32/Agent.FXHNPDJ trojan C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\2b8379a9-27f04b56 probably a variant of Win32/Agent.FXHNPDJ trojan C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\6c959aab-2ea1f28e multiple threats C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\739d2831-518d9c2a probably a variant of Win32/Agent.FXHNPDJ trojan C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\74d2e8f2-2ab473fc a variant of Java/TrojanDownloader.OpenStream.NAU trojan C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\57e27139-10ff6385 a variant of Java/TrojanDownloader.OpenStream.NAU trojan C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\6b535139-4390f394 Java/TrojanDownloader.Agent.NBB trojan C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\1df965c9-3df06b51 multiple threats C:\Users\Evan\AppData\Roaming\awqyfeb.exe Win32/Oficla.HW trojan C:\Users\Evan\AppData\Roaming\dphmosj.exe Win32/Oficla.HW trojan C:\Users\Evan\AppData\Roaming\dtrspqj.exe Win32/Dewnad.AK worm C:\Users\Evan\AppData\Roaming\dzoiakq.exe a variant of Win32/Injector.DAL trojan C:\Users\Evan\AppData\Roaming\ejeifad.exe Win32/Oficla.HW trojan C:\Users\Evan\AppData\Roaming\eumglcu.exe a variant of Win32/Injector.CNY trojan C:\Users\Evan\AppData\Roaming\fncdtqe.exe Win32/Oficla.HW trojan C:\Users\Evan\AppData\Roaming\fqkenby.exe a variant of Win32/Injector.CHV trojan C:\Users\Evan\AppData\Roaming\ftocyye.exe a variant of Win32/Injector.CHV trojan C:\Users\Evan\AppData\Roaming\gibmfis.exe Win32/Oficla.HW trojan C:\Users\Evan\AppData\Roaming\gpufpcc.exe a variant of Win32/Injector.CLJ trojan C:\Users\Evan\AppData\Roaming\gxaltrj.exe Win32/Oficla.HW trojan C:\Users\Evan\AppData\Roaming\hpnjbyj.exe a variant of Win32/Injector.CHV trojan C:\Users\Evan\AppData\Roaming\hqqwuct.exe a variant of MSIL/Agent.NCX trojan C:\Users\Evan\AppData\Roaming\hthpxiy.exe a variant of Win32/Injector.CHV trojan C:\Users\Evan\AppData\Roaming\hyecael.exe a variant of Win32/Injector.CHV trojan C:\Users\Evan\AppData\Roaming\icbuxha.exe a variant of Win32/Injector.DAL trojan C:\Users\Evan\AppData\Roaming\icnsmhy.exe Win32/Oficla.HW trojan C:\Users\Evan\AppData\Roaming\iovzqpb.exe Win32/Oficla.HW trojan C:\Users\Evan\AppData\Roaming\iswztnt.exe Win32/Oficla.HW trojan C:\Users\Evan\AppData\Roaming\jdqetzt.exe Win32/Oficla.HW trojan C:\Users\Evan\AppData\Roaming\jflldmo.exe a variant of Win32/Injector.DAL trojan C:\Users\Evan\AppData\Roaming\jktulqc.exe Win32/Dewnad.AK worm C:\Users\Evan\AppData\Roaming\jlffmtc.exe Win32/Oficla.HW trojan C:\Users\Evan\AppData\Roaming\jmkfrya.exe a variant of Win32/Injector.CFX trojan C:\Users\Evan\AppData\Roaming\mgnrzzq.exe a variant of Win32/Injector.DAL trojan C:\Users\Evan\AppData\Roaming\mrvphbz.exe a variant of Win32/Injector.DAL trojan C:\Users\Evan\AppData\Roaming\mycomputp.dll Win32/Agent.RMC trojan C:\Users\Evan\AppData\Roaming\nrvtymn.exe a variant of Win32/Injector.CHV trojan C:\Users\Evan\AppData\Roaming\nuotiem.exe Win32/Oficla.HW trojan C:\Users\Evan\AppData\Roaming\ovujbzz.exe Win32/Oficla.HW trojan C:\Users\Evan\AppData\Roaming\packet.exe a variant of Win32/Injector.DAL trojan C:\Users\Evan\AppData\Roaming\pfiekwq.exe probably a variant of Win32/AutoRun.IRCBot.FC worm C:\Users\Evan\AppData\Roaming\qjgskpq.exe a variant of Win32/Injector.DAL trojan C:\Users\Evan\AppData\Roaming\qmphdby.exe probably unknown NewHeur_PE virus C:\Users\Evan\AppData\Roaming\quscblv.exe Win32/Oficla.HW trojan C:\Users\Evan\AppData\Roaming\raid64.exe a variant of Win32/Injector.CHV trojan C:\Users\Evan\AppData\Roaming\rgyumdx.exe a variant of Win32/Injector.CLJ trojan C:\Users\Evan\AppData\Roaming\rrhflfq.exe Win32/Oficla.HW trojan C:\Users\Evan\AppData\Roaming\shtgurs.exe a variant of Win32/Injector.DAL trojan C:\Users\Evan\AppData\Roaming\sijvkve.exe Win32/Oficla.HW trojan C:\Users\Evan\AppData\Roaming\tacwijc.exe Win32/Oficla.HW trojan C:\Users\Evan\AppData\Roaming\tlwkvcl.exe a variant of Win32/Injector.DAL trojan C:\Users\Evan\AppData\Roaming\trpjyqb.exe a variant of Win32/Injector.CHV trojan C:\Users\Evan\AppData\Roaming\uigljis.exe a variant of Win32/Injector.CHV trojan C:\Users\Evan\AppData\Roaming\uritwwj.exe Win32/Oficla.HW trojan C:\Users\Evan\AppData\Roaming\vckypiz.exe Win32/Oficla.HW trojan C:\Users\Evan\AppData\Roaming\vhmnzzq.exe Win32/Oficla.HW trojan C:\Users\Evan\AppData\Roaming\vhuhykr.exe a variant of Win32/Injector.CHV trojan C:\Users\Evan\AppData\Roaming\vwvbwzl.exe a variant of Win32/Injector.DAL trojan C:\Users\Evan\AppData\Roaming\xlsyxge.exe Win32/AutoRun.IRCBot.CX worm C:\Users\Evan\AppData\Roaming\ycwwfnz.exe a variant of Win32/Injector.DAL trojan C:\Users\Evan\AppData\Roaming\ysybmyz.exe a variant of Win32/Injector.CHV trojan C:\Users\Evan\AppData\Roaming\zlyqlpy.exe Win32/Oficla.HW trojan C:\Users\Evan\AppData\Roaming\zrzysia.exe Win32/Oficla.HW trojan C:\Users\Evan\AppData\Roaming\Microsoft\Crypted.exe a variant of Win32/Injector.CUA trojan C:\Users\Evan\AppData\Roaming\Microsoft\eraseme.exe probably a variant of Win32/Injector.AXP trojan C:\Users\Evan\AppData\Roaming\Microsoft\metus.exe Win32/Dewnad.AM worm C:\Users\Evan\AppData\Roaming\Microsoft\newcrypt.exe a variant of Win32/Injector.CTL trojan C:\Users\Evan\AppData\Roaming\Microsoft\Run.exe probably a variant of MSIL/Injector.I trojan C:\Users\Evan\AppData\Roaming\Microsoft\wglkjwelgke.exe probably a variant of Win32/IRCBot.DRVMJMG trojan C:\Users\Public\Documents\Server\hlp.dat Win32/Bamital.DZ trojan C:\Windows\explorer.exe Win32/Bamital.EL trojan C:\Windows\framework.exe probably a variant of Win32/Injector.CRM trojan C:\Windows\System32\wininit.exe Win32/Bamital.EL trojan D:\Svchost.exe a variant of Win32/Injector.CUA trojan
  6. The Kaspersky updates are giving me a lot of trouble. The downloading took its sweet time (around a couple of hours for only a 100 MB ), and now it says the update failed because the Internet connection was inconsistent. I refreshed and tried again. Now it won't even attempt to start updating - I just keep getting the 'inconsistent' error. Is there an alternative software I can try? Oh and obviously the redirecting problem's back after the system restore - should I run ComboFix (without your CFScript) to fix it up again?
  7. Oh wait. Hold on. I clicked 'Repair Windows' at the safe mode prompt and managed to restore the system to previous settings. It seems to have done the job. We're back to square one I guess. This is the current HTL: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 5:24:14 AM, on 4/12/2010 Platform: Windows 7 SP1, v.178 (WinNT 6.00.3505) MSIE: Internet Explorer v8.00 (8.00.7601.16562) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\GIGABYTE\Gamer HUD Lite\HUD.exe C:\Program Files\Rainmeter\Rainmeter.exe C:\Program Files\WordWeb\wweb32.exe C:\Windows\framework.exe C:\Users\Evan\AppData\Local\temp\msconfig.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r O4 - HKLM\..\Run: [framework] framework.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [msconfig] C:\Users\Evan\AppData\Local\Temp\msconfig.exe O4 - HKCU\..\Run: [Apple iPod Service] C:\Users\Evan\AppData\Roaming\iTunes.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: GIGABYTE Gamer HUD Lite.lnk = C:\Program Files\GIGABYTE\Gamer HUD Lite\HUD.exe O4 - Startup: Rainmeter.exe - Shortcut.lnk = C:\Program Files\Rainmeter\Rainmeter.exe O4 - Startup: WordWeb Pro.lnk = C:\Program Files\WordWeb\wweb32.exe O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://service.futuremark.com/gom/receiver/tc/FMSI.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 7412 bytes
  8. Nope. Booted with the last known good configuration. I'm getting the same result.
  9. IE won't load anything after the homepage. It just hangs every time I try to go anywhere else.
  10. Whoa! WHoa! Dude, something went seriously wrong. I'm on my brother's laptop right now. I ran the MBAM scam as you asked. It found 1 infection in the appdata/temp directory if I remember correctly. Everything went wrong after rebooting. The log-on screen was stuck on 'preparing desktop' for quite a bit. When the desktop did load, an error message popped up: C:\Windows\system32\config\systemprofile\Desktop is not accessible Access is denied. I tried rebooting again, to no avail. The windows 7 taskbar has been replaced with the classic version. The desktop icons are gone. And most executable files won't run. I can still, however, access files on my HDD (not the ones on the desktop though). I tried to run MBAM, but it won't load. The error message says 'The dependency service or group failed to start'. I tried to take a screenshot, but nothing on mspaint will save - it says 'Location is denied' every time I try. The internet connection seems to be fine. Opera won't load. IE loads and gets stuck on the homepage. What am I supposed to do now? Also, it's a home PC, not a business one.
  11. Cheers. New log. ComboFix 10-12-02.05 - Evan 04/12/2010 0:52.2.2 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3327.2374 [GMT 11:00] Running from: c:\users\Evan\Desktop\ComboFix.exe Command switches used :: c:\users\Evan\Desktop\CFScript.txt . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_AppMgmt ((((((((((((((((((((((((( Files Created from 2010-11-03 to 2010-12-03 ))))))))))))))))))))))))))))))) . 2010-12-03 13:55 . 2010-12-03 13:55 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-12-03 13:06 . 2010-12-03 13:57 -------- d-----w- c:\users\Evan\AppData\Local\temp 2010-12-03 12:11 . 2010-12-03 12:11 388096 ----a-r- c:\users\Evan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-12-03 12:11 . 2010-12-03 12:11 -------- d-----w- c:\program files\Trend Micro 2010-12-03 11:08 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BFFD1FEE-B8BC-4517-9A47-9AF60BD2D77B}\mpengine.dll 2010-12-01 09:26 . 2009-07-14 01:16 90624 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LXKPTPRC.DLL 2010-11-16 16:45 . 2010-11-16 17:11 -------- d-----w- c:\users\Evan\AppData\Roaming\Mobipocket 2010-11-16 16:45 . 2010-11-16 16:45 -------- d-----w- c:\program files\Mobipocket.com 2010-11-13 06:21 . 2010-11-13 06:21 -------- d-----w- c:\users\Evan\AppData\Local\Activision 2010-11-13 06:21 . 2010-06-01 17:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll 2010-11-13 06:21 . 2010-06-01 17:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll 2010-11-13 06:21 . 2010-06-01 17:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll 2010-11-13 06:21 . 2010-05-26 00:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll 2010-11-13 06:21 . 2010-05-26 00:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll 2010-11-13 06:21 . 2010-05-26 00:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll 2010-11-13 06:21 . 2010-05-26 00:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll 2010-11-13 06:21 . 2010-05-26 00:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll 2010-11-13 06:01 . 2010-11-13 06:01 -------- d-----w- c:\program files\Activision 2010-11-06 00:37 . 2010-11-06 00:37 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-02 16:06 . 2010-10-20 12:15 59392 --sh--r- c:\users\Evan\AppData\Roaming\iTunes.exe 2010-11-29 06:42 . 2010-04-20 11:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-11-29 06:42 . 2010-04-20 11:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-10-18 23:41 . 2009-11-14 01:14 222080 ------w- c:\windows\system32\MpSigStub.exe 2010-09-22 13:47 . 2010-09-22 13:47 49016 ----a-w- c:\windows\system32\sirenacm.dll 2010-09-22 13:32 . 2010-09-22 13:32 301936 ----a-w- c:\windows\WLXPGSS.SCR 2010-09-21 03:03 . 2010-09-21 03:03 208768 ----a-w- c:\windows\system32\LIVESSP.DLL 2010-09-14 17:50 . 2010-06-08 06:32 472808 ----a-w- c:\windows\system32\deployJava1.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate] @="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}" [HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}] 2010-06-03 14:53 442368 ----a-w- c:\windows\System32\ntshrui.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-06-01 1501064] "HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2008-09-16 16982016] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976] c:\users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ GIGABYTE Gamer HUD Lite.lnk - c:\program files\GIGABYTE\Gamer HUD Lite\HUD.exe [2009-6-30 1678848] Rainmeter.exe - Shortcut.lnk - c:\program files\Rainmeter\Rainmeter.exe [2009-11-1 119296] WordWeb Pro.lnk - c:\program files\WordWeb\wweb32.exe [2009-11-14 42176] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] @="IEEE 1394 Bus host controllers" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] @="SBP2 IEEE 1394 Devices" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] @="SecurityDevices" [HKLM\~\startupfolder\C:^Users^Evan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk] path=c:\users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup backupExtension=.Startup R2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\system32\drivers\1394ohci.sys [2010-06-03 164352] R3 AcpiPmi;ACPI Power Meter Driver;c:\windows\system32\drivers\acpipmi.sys [2010-06-03 10240] R3 adp94xx;adp94xx;c:\windows\system32\DRIVERS\adp94xx.sys [2009-07-14 422976] R3 adpahci;adpahci;c:\windows\system32\DRIVERS\adpahci.sys [2009-07-14 297552] R3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys [2010-06-03 80264] R3 amdsbs;amdsbs;c:\windows\system32\DRIVERS\amdsbs.sys [2009-07-14 159312] R3 AppID;AppID Driver;c:\windows\system32\drivers\appid.sys [2009-07-13 50176] R3 AppIDSvc;Application Identity;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 arcsas;arcsas;c:\windows\system32\DRIVERS\arcsas.sys [2009-07-14 86608] R3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\DRIVERS\bxvbdx.sys [2009-07-13 430080] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888] R3 BDESVC;BitLocker Drive Encryption Service;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\DRIVERS\BrFiltLo.sys [2009-07-13 13568] R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\DRIVERS\BrFiltUp.sys [2009-07-13 5248] R3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\Drivers\Brserid.sys [2009-07-14 272128] R3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\Drivers\BrSerWdm.sys [2009-07-13 62336] R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\Drivers\BrUsbMdm.sys [2009-07-13 12160] R3 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 circlass;Consumer IR Devices;c:\windows\system32\DRIVERS\circlass.sys [2009-07-13 37888] R3 defragsvc;Disk Defragmenter;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\DRIVERS\evbdx.sys [2009-07-13 3100160] R3 elxstor;elxstor;c:\windows\system32\DRIVERS\elxstor.sys [2009-07-14 453712] R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [2009-07-13 28160] R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys [2009-07-14 46160] R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [2009-07-13 26624] R3 HpSAMD;HpSAMD;c:\windows\system32\DRIVERS\HpSAMD.sys [2009-07-14 67152] R3 iaStorV;Intel RAID Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys [2010-06-03 332168] R3 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys [2010-06-03 65536] R3 iScsiPrt;iScsiPort Driver;c:\windows\system32\drivers\msiscsi.sys [2010-06-03 232840] R3 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 LSI_FC;LSI_FC;c:\windows\system32\DRIVERS\lsi_fc.sys [2009-07-14 95824] R3 LSI_SAS;LSI_SAS;c:\windows\system32\DRIVERS\lsi_sas.sys [2009-07-14 89168] R3 LSI_SAS2;LSI_SAS2;c:\windows\system32\DRIVERS\lsi_sas2.sys [2009-07-14 54864] R3 LSI_SCSI;LSI_SCSI;c:\windows\system32\DRIVERS\lsi_scsi.sys [2009-07-14 96848] R3 megasas;megasas;c:\windows\system32\DRIVERS\megasas.sys [2009-07-14 30800] R3 mpio;Microsoft Multi-Path Bus Driver;c:\windows\system32\drivers\mpio.sys [2010-06-03 130440] R3 msahci;msahci;c:\windows\system32\drivers\msahci.sys [2010-06-03 28040] R3 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\system32\drivers\msdsm.sys [2010-06-03 116104] R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [2009-07-13 4096] R3 MSiSCSI;Microsoft iSCSI Initiator Service;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 MsRPC;MsRPC; [x] R3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\DRIVERS\MTConfig.sys [2009-07-13 12288] R3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [2009-07-13 267264] R3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys [2009-07-13 27136] R3 nfrd960;nfrd960;c:\windows\system32\DRIVERS\nfrd960.sys [2009-07-14 44624] R3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [2010-06-03 143752] R3 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 PeerDistSvc;BranchCache;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 ql2300;ql2300;c:\windows\system32\DRIVERS\ql2300.sys [2009-07-14 1383488] R3 ql40xx;ql40xx;c:\windows\system32\DRIVERS\ql40xx.sys [2009-07-14 106064] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-06-03 15872] R3 s3cap;s3cap;c:\windows\system32\DRIVERS\vms3cap.sys [2009-07-13 5632] R3 scfilter;Smart card PnP Class Filter Driver;c:\windows\system32\DRIVERS\scfilter.sys [2010-06-03 26624] R3 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 SensrSvc;Adaptive Brightness;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 SessionEnv;Remote Desktop Configuration;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [2009-07-13 12288] R3 SiSRaid4;SiSRaid4;c:\windows\system32\DRIVERS\sisraid4.sys [2009-07-14 77888] R3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);c:\windows\system32\DRIVERS\smb.sys [2009-07-13 71168] R3 sppuinotify;SPP Notification Service;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-19 90112] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-19 14976] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-19 121856] R3 stexstor;stexstor;c:\windows\system32\DRIVERS\stexstor.sys [2009-07-14 21072] R3 storvsc;storvsc;c:\windows\system32\drivers\storvsc.sys [2010-06-03 28032] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 TBS;TPM Base Services;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\DRIVERS\terminpt.sys [2010-06-03 25600] R3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [2010-06-03 204800] R3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [2010-06-03 31232] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-06-03 50048] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 UI0Detect;Interactive Services Detection;c:\windows\system32\UI0Detect.exe [2009-07-14 35840] R3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys [2009-07-14 57424] R3 UmRdpService;Remote Desktop Services UserMode Port Redirector;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\drivers\usbcir.sys [2009-07-13 86016] R3 VaultSvc;Credential Manager;c:\windows\system32\lsass.exe [2009-07-14 22528] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 vhdmp;vhdmp;c:\windows\system32\drivers\vhdmp.sys [2010-06-03 159616] R3 ViaC7;VIA C7 Processor Driver;c:\windows\system32\DRIVERS\viac7.sys [2009-07-13 52736] R3 VMBusHID;VMBusHID;c:\windows\system32\DRIVERS\VMBusHID.sys [2009-07-13 17920] R3 vsmraid;vsmraid;c:\windows\system32\DRIVERS\vsmraid.sys [2009-07-14 141904] R3 vwifibus;Virtual WiFi Bus Driver;c:\windows\System32\drivers\vwifibus.sys [2009-07-13 19968] R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys [2009-07-13 21632] R3 wbengine;Block Level Backup Engine Service;c:\windows\system32\wbengine.exe [2009-07-14 1202688] R3 WbioSrvc;Windows Biometric Service;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 Wd;Wd;c:\windows\system32\DRIVERS\wd.sys [2009-07-14 19024] R3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 wercplsupport;Problem Reports and Solutions Control Panel Support;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 WIMMount;WIMMount;c:\windows\system32\drivers\wimmount.sys [2009-07-14 19008] R3 WinRM;Windows Remote Management (WS-Management);c:\windows\System32\svchost.exe [2009-07-14 20992] R3 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 WwanSvc;WWAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 20992] R4 Mcx2Svc;Media Center Extender Service;c:\windows\system32\svchost.exe [2009-07-14 20992] S0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys [2010-06-03 22408] S0 CLFS;Common Log (CLFS);c:\windows\System32\CLFS.sys [2009-07-14 249408] S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [2009-07-14 369568] S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [2009-07-14 58448] S0 fvevol;Bitlocker Drive Encryption Filter Driver;c:\windows\System32\DRIVERS\fvevol.sys [2010-06-03 194808] S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [2010-06-03 14216] S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [2009-07-14 133200] S0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys [2009-07-14 13888] S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [2009-07-14 43088] S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [2010-06-03 173448] S0 spldr;Security Processor Loader Driver; [x] S0 storflt;Disk Virtual Machine Bus Acceleration Filter Driver;c:\windows\system32\drivers\vmstorfl.sys [2010-06-03 40712] S0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\system32\drivers\vdrvroot.sys [2009-07-14 32832] S0 vmbus;Virtual Machine Bus;c:\windows\system32\drivers\vmbus.sys [2010-06-03 176008] S0 volmgr;Volume Manager Driver;c:\windows\system32\drivers\volmgr.sys [2010-06-03 53128] S0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [2009-07-14 297040] S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [2009-07-13 35328] S1 CSC;Offline Files Driver;c:\windows\system32\drivers\csc.sys [2010-06-03 388096] S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [2010-06-03 78336] S1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [2009-07-13 32256] S1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [2009-07-13 16896] S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [2009-07-14 6656] S1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys [2009-07-14 7168] S1 tdx;NetIO Legacy TDI Support Driver;c:\windows\system32\DRIVERS\tdx.sys [2010-06-03 74240] S1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\system32\DRIVERS\wanarp.sys [2010-06-03 63488] S1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys [2009-07-13 9728] S2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 CscService;Offline Files;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-05-10 233472] S2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [2009-07-13 48128] S2 luafv;UAC File Virtualization;c:\windows\system32\drivers\luafv.sys [2009-07-13 86528] S2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [2009-07-14 586752] S2 Power;Power;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 RpcEptMapper;RPC Endpoint Mapper;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe [2010-06-03 3179520] S2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [2010-06-03 35328] S2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe [2009-07-14 20992] S3 Appinfo;Application Information;c:\windows\system32\svchost.exe [2009-07-14 20992] S3 bowser;Browser Support Driver;c:\windows\system32\DRIVERS\bowser.sys [2009-07-13 69632] S3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\system32\DRIVERS\CompositeBus.sys [2009-07-13 31232] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2009-06-01 21392] S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [2010-06-03 728448] S3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe [2009-07-14 20992] S3 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe [2009-07-14 20992] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-05-10 36608] S3 HomeGroupListener;HomeGroup Listener;c:\windows\System32\svchost.exe [2009-07-14 20992] S3 HomeGroupProvider;HomeGroup Provider;c:\windows\System32\svchost.exe [2009-07-14 20992] S3 KeyIso;CNG Key Isolation;c:\windows\system32\lsass.exe [2009-07-14 22528] S3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\system32\DRIVERS\monitor.sys [2009-07-13 23552] S3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\system32\drivers\mpsdrv.sys [2009-07-13 60416] S3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [2010-06-03 222208] S3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [2010-06-03 95744] S3 netprofm;Network List Service;c:\windows\System32\svchost.exe [2009-07-14 20992] S3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys [2009-07-13 49152] S3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys [2009-07-14 18944] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776] S3 srv2;Server SMB 2.xxx Driver;c:\windows\system32\DRIVERS\srv2.sys [2010-06-03 307200] S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [2010-06-03 113664] S3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\system32\DRIVERS\tunnel.sys [2010-06-03 108544] S3 umbus;UMBus Enumerator Driver;c:\windows\system32\drivers\umbus.sys [2010-06-03 39936] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-09-08 901120] S3 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe [2009-07-14 20992] S3 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe [2009-07-14 20992] S3 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe [2009-07-14 20992] --- Other Services/Drivers In Memory --- *NewlyCreated* - FSUSBEXDISK [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] RPCSS REG_MULTI_SZ RpcEptMapper RpcSs defragsvc REG_MULTI_SZ defragsvc WerSvcGroup REG_MULTI_SZ wersvc LocalServiceNoNetwork REG_MULTI_SZ DPS PLA BFE mpssvc WwanSvc swprv REG_MULTI_SZ swprv LocalServicePeerNet REG_MULTI_SZ PNRPSvc p2pimsvc p2psvc PnrpAutoReg NetworkServiceAndNoImpersonation REG_MULTI_SZ KtmRm regsvc REG_MULTI_SZ RemoteRegistry LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent sdrsvc REG_MULTI_SZ sdrsvc WbioSvcGroup REG_MULTI_SZ WbioSrvc wcssvc REG_MULTI_SZ WcsPlugInService AxInstSVGroup REG_MULTI_SZ AxInstSV secsvcs REG_MULTI_SZ WinDefend PeerDist REG_MULTI_SZ PeerDistSvc NETSVCS REQUIRES REPAIRS - current entries shown Ias Irmon Ntmssvc Nwsapagent Rasauto Rasman Remoteaccess SENS Sharedaccess Tapisrv HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted homegrouplistener HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService WdiServiceHost sppuinotify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService lanmanworkstation HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted BthHFSrv homegroupprovider . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.ninemsn.com.au/ uInternet Settings,ProxyOverride = *.local . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-04 00:57 Windows 6.1.7601 Service Pack 1, v.178 NTFS detected NTDLL code modification: ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-04 00:57 Windows 6.1.7601 Service Pack 1, v.178 NTFS detected NTDLL code modification: ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-04 00:57 Windows 6.1.7601 Service Pack 1, v.178 NTFS detected NTDLL code modification: ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-04 00:57 Windows 6.1.7601 Service Pack 1, v.178 NTFS detected NTDLL code modification: ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-04 00:57 Windows 6.1.7601 Service Pack 1, v.178 NTFS detected NTDLL code modification: ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-2818589939-313886579-481562505-1000\Software\SecuROM\License information*] "datasecu"=hex:07,37,cc,61,5a,d0,52,78,34,12,c1,93,40,fc,db,dc,d4,0f,3a,a7,8c, fe,10,76,76,c2,25,36,19,92,f5,3e,f9,62,17,ec,e0,f1,d1,89,5c,ab,c1,86,b9,78,\ "rkeysecu"=hex:d5,0a,79,73,61,f8,40,ae,45,cd,7f,f7,94,a1,ff,c8 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvvsvc.exe c:\windows\system32\AUDIODG.EXE c:\windows\system32\nvvsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\DllHost.exe . ************************************************************************** . Completion time: 2010-12-04 00:59:18 - machine was rebooted ComboFix-quarantined-files.txt 2010-12-03 13:59 ComboFix2.txt 2010-12-03 13:16 Pre-Run: 14,322,110,464 bytes free Post-Run: 14,011,912,192 bytes free - - End Of File - - A05D838CB57422A0FD48D48FB7033356
  12. Apologies for the double post. Looks like ComboFix worked its magic - I'm not getting redirected anymore! I'll await your 'All clear' post before I unsubscribe. Thanks for all your help so far.
  13. Combofix report as requested: ComboFix 10-12-02.05 - Evan 04/12/2010 0:02.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3327.2291 [GMT 11:00] Running from: c:\users\Evan\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\Evan\AppData\Local\Temp\A10F.tmp c:\users\Evan\AppData\Roaming\aladumu.exe c:\users\Evan\AppData\Roaming\ddlovii.exe c:\users\Evan\AppData\Roaming\dtrspqj.exe c:\users\Evan\AppData\Roaming\eehzkak.exe c:\users\Evan\AppData\Roaming\ejeifad.exe c:\users\Evan\AppData\Roaming\eumglcu.exe c:\users\Evan\AppData\Roaming\fkfivbs.exe c:\users\Evan\AppData\Roaming\google_cache243.tmp c:\users\Evan\AppData\Roaming\google_cache746.tmp c:\users\Evan\AppData\Roaming\gpufpcc.exe c:\users\Evan\AppData\Roaming\gxaltrj.exe c:\users\Evan\AppData\Roaming\hqqwuct.exe c:\users\Evan\AppData\Roaming\icnsmhy.exe c:\users\Evan\AppData\Roaming\jjwepwp.exe c:\users\Evan\AppData\Roaming\jktulqc.exe c:\users\Evan\AppData\Roaming\jlffmtc.exe c:\users\Evan\AppData\Roaming\jmkfrya.exe c:\users\Evan\AppData\Roaming\jvmaatn.exe c:\users\Evan\AppData\Roaming\khwqjbc.exe c:\users\Evan\AppData\Roaming\Microsoft\Crypted.exe c:\users\Evan\AppData\Roaming\Microsoft\eraseme.exe c:\users\Evan\AppData\Roaming\Microsoft\metus.exe c:\users\Evan\AppData\Roaming\Microsoft\newcrypt.exe c:\users\Evan\AppData\Roaming\Microsoft\Run.exe c:\users\Evan\AppData\Roaming\Microsoft\wglkjwelgke.exe c:\users\Evan\AppData\Roaming\pfiekwq.exe c:\users\Evan\AppData\Roaming\ptibrrh.exe c:\users\Evan\AppData\Roaming\qmphdby.exe c:\users\Evan\AppData\Roaming\raid64.exe c:\users\Evan\AppData\Roaming\rgyumdx.exe c:\users\Evan\AppData\Roaming\sijvkve.exe c:\users\Evan\AppData\Roaming\tacwijc.exe c:\users\Evan\AppData\Roaming\tahjmdr.exe c:\users\Evan\AppData\Roaming\uritwwj.exe c:\users\Evan\AppData\Roaming\wydfbon.exe c:\users\Evan\AppData\Roaming\wznaqna.exe c:\users\Evan\AppData\Roaming\xlsyxge.exe c:\users\Evan\AppData\Roaming\xuxqnoh.exe c:\users\Evan\AppData\Roaming\zqbfyik.exe c:\users\Evan\AppData\Roaming\zrzysia.exe c:\windows\framework.exe D:\Autorun.inf Infected copy of c:\windows\explorer.exe was found and disinfected Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.16562_none_53841795d828c730\explorer.exe Infected copy of c:\windows\System32\wininit.exe was found and disinfected Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe Infected copy of c:\windows\explorer.exe was found and disinfected Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.16562_none_53841795d828c730\explorer.exe . ((((((((((((((((((((((((( Files Created from 2010-11-03 to 2010-12-03 ))))))))))))))))))))))))))))))) . 2010-12-03 12:11 . 2010-12-03 12:11 388096 ----a-r- c:\users\Evan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-12-03 12:11 . 2010-12-03 12:11 -------- d-----w- c:\program files\Trend Micro 2010-12-03 11:08 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BFFD1FEE-B8BC-4517-9A47-9AF60BD2D77B}\mpengine.dll 2010-12-01 09:26 . 2009-07-14 01:16 90624 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LXKPTPRC.DLL 2010-11-16 16:45 . 2010-11-16 17:11 -------- d-----w- c:\users\Evan\AppData\Roaming\Mobipocket 2010-11-16 16:45 . 2010-11-16 16:45 -------- d-----w- c:\program files\Mobipocket.com 2010-11-13 06:21 . 2010-11-13 06:21 -------- d-----w- c:\users\Evan\AppData\Local\Activision 2010-11-13 06:21 . 2010-06-01 17:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll 2010-11-13 06:21 . 2010-06-01 17:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll 2010-11-13 06:21 . 2010-06-01 17:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll 2010-11-13 06:21 . 2010-05-26 00:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll 2010-11-13 06:21 . 2010-05-26 00:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll 2010-11-13 06:21 . 2010-05-26 00:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll 2010-11-13 06:21 . 2010-05-26 00:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll 2010-11-13 06:21 . 2010-05-26 00:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll 2010-11-13 06:01 . 2010-11-13 06:01 -------- d-----w- c:\program files\Activision 2010-11-06 00:37 . 2010-11-06 00:37 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-02 16:06 . 2010-10-20 12:15 59392 --sh--r- c:\users\Evan\AppData\Roaming\iTunes.exe 2010-11-29 06:42 . 2010-04-20 11:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-11-29 06:42 . 2010-04-20 11:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-10-18 23:41 . 2009-11-14 01:14 222080 ------w- c:\windows\system32\MpSigStub.exe 2010-09-22 13:47 . 2010-09-22 13:47 49016 ----a-w- c:\windows\system32\sirenacm.dll 2010-09-22 13:32 . 2010-09-22 13:32 301936 ----a-w- c:\windows\WLXPGSS.SCR 2010-09-21 03:03 . 2010-09-21 03:03 208768 ----a-w- c:\windows\system32\LIVESSP.DLL 2010-09-14 17:50 . 2010-06-08 06:32 472808 ----a-w- c:\windows\system32\deployJava1.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate] @="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}" [HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}] 2010-06-03 14:53 442368 ----a-w- c:\windows\System32\ntshrui.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-06-01 1501064] "HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2008-09-16 16982016] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976] c:\users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ GIGABYTE Gamer HUD Lite.lnk - c:\program files\GIGABYTE\Gamer HUD Lite\HUD.exe [2009-6-30 1678848] Rainmeter.exe - Shortcut.lnk - c:\program files\Rainmeter\Rainmeter.exe [2009-11-1 119296] WordWeb Pro.lnk - c:\program files\WordWeb\wweb32.exe [2009-11-14 42176] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] @="IEEE 1394 Bus host controllers" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] @="SBP2 IEEE 1394 Devices" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] @="SecurityDevices" [HKLM\~\startupfolder\C:^Users^Evan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk] path=c:\users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-20 12:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-09-22 17:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apple iPod Service] 2010-12-02 16:06 59392 --sh--r- c:\users\Evan\AppData\Roaming\iTunes.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent] 2009-05-12 23:22 102400 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core] 2008-07-22 01:34 2772992 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager] 2009-04-06 23:13 673616 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON TX110 Series] 2008-09-25 20:00 199680 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIFBP.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 01:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint] 2009-06-01 02:51 1468296 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2009-11-12 05:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)] 2010-11-29 06:42 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-09-22 13:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 00:50 155648 ----a-w- c:\windows\System32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Packet Monitor] 2010-07-22 16:33 266240 ----a-w- c:\users\Evan\AppData\Roaming\packet.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] 2009-11-09 03:17 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-11-10 12:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2010-06-03 14:51 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StrokeIt] 2009-06-16 17:52 24712 ----a-w- c:\program files\TCB Networks\StrokeIt\strokeit.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-05-14 01:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe R2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe [2010-06-03 3179520] R3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\system32\drivers\1394ohci.sys [2010-06-03 164352] R3 AcpiPmi;ACPI Power Meter Driver;c:\windows\system32\drivers\acpipmi.sys [2010-06-03 10240] R3 adp94xx;adp94xx;c:\windows\system32\DRIVERS\adp94xx.sys [2009-07-14 422976] R3 adpahci;adpahci;c:\windows\system32\DRIVERS\adpahci.sys [2009-07-14 297552] R3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys [2010-06-03 80264] R3 amdsbs;amdsbs;c:\windows\system32\DRIVERS\amdsbs.sys [2009-07-14 159312] R3 AppID;AppID Driver;c:\windows\system32\drivers\appid.sys [2009-07-13 50176] R3 AppIDSvc;Application Identity;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 arcsas;arcsas;c:\windows\system32\DRIVERS\arcsas.sys [2009-07-14 86608] R3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\DRIVERS\bxvbdx.sys [2009-07-13 430080] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888] R3 BDESVC;BitLocker Drive Encryption Service;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\DRIVERS\BrFiltLo.sys [2009-07-13 13568] R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\DRIVERS\BrFiltUp.sys [2009-07-13 5248] R3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\Drivers\Brserid.sys [2009-07-14 272128] R3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\Drivers\BrSerWdm.sys [2009-07-13 62336] R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\Drivers\BrUsbMdm.sys [2009-07-13 12160] R3 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 circlass;Consumer IR Devices;c:\windows\system32\DRIVERS\circlass.sys [2009-07-13 37888] R3 defragsvc;Disk Defragmenter;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\DRIVERS\evbdx.sys [2009-07-13 3100160] R3 elxstor;elxstor;c:\windows\system32\DRIVERS\elxstor.sys [2009-07-14 453712] R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [2009-07-13 28160] R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys [2009-07-14 46160] R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [2009-07-13 26624] R3 HpSAMD;HpSAMD;c:\windows\system32\DRIVERS\HpSAMD.sys [2009-07-14 67152] R3 iaStorV;Intel RAID Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys [2010-06-03 332168] R3 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys [2010-06-03 65536] R3 iScsiPrt;iScsiPort Driver;c:\windows\system32\drivers\msiscsi.sys [2010-06-03 232840] R3 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 LSI_FC;LSI_FC;c:\windows\system32\DRIVERS\lsi_fc.sys [2009-07-14 95824] R3 LSI_SAS;LSI_SAS;c:\windows\system32\DRIVERS\lsi_sas.sys [2009-07-14 89168] R3 LSI_SAS2;LSI_SAS2;c:\windows\system32\DRIVERS\lsi_sas2.sys [2009-07-14 54864] R3 LSI_SCSI;LSI_SCSI;c:\windows\system32\DRIVERS\lsi_scsi.sys [2009-07-14 96848] R3 megasas;megasas;c:\windows\system32\DRIVERS\megasas.sys [2009-07-14 30800] R3 mpio;Microsoft Multi-Path Bus Driver;c:\windows\system32\drivers\mpio.sys [2010-06-03 130440] R3 msahci;msahci;c:\windows\system32\drivers\msahci.sys [2010-06-03 28040] R3 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\system32\drivers\msdsm.sys [2010-06-03 116104] R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [2009-07-13 4096] R3 MSiSCSI;Microsoft iSCSI Initiator Service;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 MsRPC;MsRPC; [x] R3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\DRIVERS\MTConfig.sys [2009-07-13 12288] R3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [2009-07-13 267264] R3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys [2009-07-13 27136] R3 nfrd960;nfrd960;c:\windows\system32\DRIVERS\nfrd960.sys [2009-07-14 44624] R3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [2010-06-03 143752] R3 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 PeerDistSvc;BranchCache;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 ql2300;ql2300;c:\windows\system32\DRIVERS\ql2300.sys [2009-07-14 1383488] R3 ql40xx;ql40xx;c:\windows\system32\DRIVERS\ql40xx.sys [2009-07-14 106064] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-06-03 15872] R3 s3cap;s3cap;c:\windows\system32\DRIVERS\vms3cap.sys [2009-07-13 5632] R3 scfilter;Smart card PnP Class Filter Driver;c:\windows\system32\DRIVERS\scfilter.sys [2010-06-03 26624] R3 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 SensrSvc;Adaptive Brightness;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 SessionEnv;Remote Desktop Configuration;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [2009-07-13 12288] R3 SiSRaid4;SiSRaid4;c:\windows\system32\DRIVERS\sisraid4.sys [2009-07-14 77888] R3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);c:\windows\system32\DRIVERS\smb.sys [2009-07-13 71168] R3 sppuinotify;SPP Notification Service;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-19 90112] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-19 14976] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-19 121856] R3 stexstor;stexstor;c:\windows\system32\DRIVERS\stexstor.sys [2009-07-14 21072] R3 storvsc;storvsc;c:\windows\system32\drivers\storvsc.sys [2010-06-03 28032] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 TBS;TPM Base Services;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\DRIVERS\terminpt.sys [2010-06-03 25600] R3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [2010-06-03 204800] R3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [2010-06-03 31232] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-06-03 50048] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 UI0Detect;Interactive Services Detection;c:\windows\system32\UI0Detect.exe [2009-07-14 35840] R3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys [2009-07-14 57424] R3 UmRdpService;Remote Desktop Services UserMode Port Redirector;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\drivers\usbcir.sys [2009-07-13 86016] R3 VaultSvc;Credential Manager;c:\windows\system32\lsass.exe [2009-07-14 22528] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 vhdmp;vhdmp;c:\windows\system32\drivers\vhdmp.sys [2010-06-03 159616] R3 ViaC7;VIA C7 Processor Driver;c:\windows\system32\DRIVERS\viac7.sys [2009-07-13 52736] R3 VMBusHID;VMBusHID;c:\windows\system32\DRIVERS\VMBusHID.sys [2009-07-13 17920] R3 vsmraid;vsmraid;c:\windows\system32\DRIVERS\vsmraid.sys [2009-07-14 141904] R3 vwifibus;Virtual WiFi Bus Driver;c:\windows\System32\drivers\vwifibus.sys [2009-07-13 19968] R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys [2009-07-13 21632] R3 wbengine;Block Level Backup Engine Service;c:\windows\system32\wbengine.exe [2009-07-14 1202688] R3 WbioSrvc;Windows Biometric Service;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 Wd;Wd;c:\windows\system32\DRIVERS\wd.sys [2009-07-14 19024] R3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 wercplsupport;Problem Reports and Solutions Control Panel Support;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 WIMMount;WIMMount;c:\windows\system32\drivers\wimmount.sys [2009-07-14 19008] R3 WinRM;Windows Remote Management (WS-Management);c:\windows\System32\svchost.exe [2009-07-14 20992] R3 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 WwanSvc;WWAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 20992] R4 Mcx2Svc;Media Center Extender Service;c:\windows\system32\svchost.exe [2009-07-14 20992] S0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys [2010-06-03 22408] S0 CLFS;Common Log (CLFS);c:\windows\System32\CLFS.sys [2009-07-14 249408] S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [2009-07-14 369568] S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [2009-07-14 58448] S0 fvevol;Bitlocker Drive Encryption Filter Driver;c:\windows\System32\DRIVERS\fvevol.sys [2010-06-03 194808] S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [2010-06-03 14216] S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [2009-07-14 133200] S0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys [2009-07-14 13888] S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [2009-07-14 43088] S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [2010-06-03 173448] S0 spldr;Security Processor Loader Driver; [x] S0 storflt;Disk Virtual Machine Bus Acceleration Filter Driver;c:\windows\system32\drivers\vmstorfl.sys [2010-06-03 40712] S0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\system32\drivers\vdrvroot.sys [2009-07-14 32832] S0 vmbus;Virtual Machine Bus;c:\windows\system32\drivers\vmbus.sys [2010-06-03 176008] S0 volmgr;Volume Manager Driver;c:\windows\system32\drivers\volmgr.sys [2010-06-03 53128] S0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [2009-07-14 297040] S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [2009-07-13 35328] S1 CSC;Offline Files Driver;c:\windows\system32\drivers\csc.sys [2010-06-03 388096] S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [2010-06-03 78336] S1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [2009-07-13 32256] S1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [2009-07-13 16896] S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [2009-07-14 6656] S1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys [2009-07-14 7168] S1 tdx;NetIO Legacy TDI Support Driver;c:\windows\system32\DRIVERS\tdx.sys [2010-06-03 74240] S1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\system32\DRIVERS\wanarp.sys [2010-06-03 63488] S1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys [2009-07-13 9728] S2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 CscService;Offline Files;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-05-10 233472] S2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [2009-07-13 48128] S2 luafv;UAC File Virtualization;c:\windows\system32\drivers\luafv.sys [2009-07-13 86528] S2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [2009-07-14 586752] S2 Power;Power;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 RpcEptMapper;RPC Endpoint Mapper;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [2010-06-03 35328] S2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2009-07-14 20992] S3 Appinfo;Application Information;c:\windows\system32\svchost.exe [2009-07-14 20992] S3 bowser;Browser Support Driver;c:\windows\system32\DRIVERS\bowser.sys [2009-07-13 69632] S3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\system32\DRIVERS\CompositeBus.sys [2009-07-13 31232] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2009-06-01 21392] S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [2010-06-03 728448] S3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe [2009-07-14 20992] S3 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe [2009-07-14 20992] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-05-10 36608] S3 HomeGroupListener;HomeGroup Listener;c:\windows\System32\svchost.exe [2009-07-14 20992] S3 HomeGroupProvider;HomeGroup Provider;c:\windows\System32\svchost.exe [2009-07-14 20992] S3 KeyIso;CNG Key Isolation;c:\windows\system32\lsass.exe [2009-07-14 22528] S3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\system32\DRIVERS\monitor.sys [2009-07-13 23552] S3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\system32\drivers\mpsdrv.sys [2009-07-13 60416] S3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [2010-06-03 222208] S3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [2010-06-03 95744] S3 netprofm;Network List Service;c:\windows\System32\svchost.exe [2009-07-14 20992] S3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys [2009-07-13 49152] S3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys [2009-07-14 18944] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776] S3 srv2;Server SMB 2.xxx Driver;c:\windows\system32\DRIVERS\srv2.sys [2010-06-03 307200] S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [2010-06-03 113664] S3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\system32\DRIVERS\tunnel.sys [2010-06-03 108544] S3 umbus;UMBus Enumerator Driver;c:\windows\system32\drivers\umbus.sys [2010-06-03 39936] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-09-08 901120] S3 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe [2009-07-14 20992] S3 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe [2009-07-14 20992] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] RPCSS REG_MULTI_SZ RpcEptMapper RpcSs defragsvc REG_MULTI_SZ defragsvc WerSvcGroup REG_MULTI_SZ wersvc LocalServiceNoNetwork REG_MULTI_SZ DPS PLA BFE mpssvc WwanSvc swprv REG_MULTI_SZ swprv LocalServicePeerNet REG_MULTI_SZ PNRPSvc p2pimsvc p2psvc PnrpAutoReg NetworkServiceAndNoImpersonation REG_MULTI_SZ KtmRm regsvc REG_MULTI_SZ RemoteRegistry LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent sdrsvc REG_MULTI_SZ sdrsvc WbioSvcGroup REG_MULTI_SZ WbioSrvc wcssvc REG_MULTI_SZ WcsPlugInService AxInstSVGroup REG_MULTI_SZ AxInstSV secsvcs REG_MULTI_SZ WinDefend PeerDist REG_MULTI_SZ PeerDistSvc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs AeLookupSvc CertPropSvc SCPolicySvc lanmanserver gpsvc IKEEXT AudioSrv FastUserSwitchingCompatibility Nla NWCWorkstation SRService Wmi WmdmPmSp TermService wuauserv BITS ShellHWDetection LogonHours PCAudit helpsvc uploadmgr iphlpsvc seclogon AppInfo msiscsi MMCSS wercplsupport EapHost ProfSvc schedule hkmsvc SessionEnv winmgmt browser Themes BDESVC AppMgmt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted homegrouplistener HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService WdiServiceHost sppuinotify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService lanmanworkstation HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted BthHFSrv homegroupprovider . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.ninemsn.com.au/ uInternet Settings,ProxyOverride = *.local . - - - - ORPHANS REMOVED - - - - HKLM-Run-NPSStartup - (no file) HKLM-Run-framework - framework.exe SafeBoot-WudfPf SafeBoot-WudfRd SafeBoot-sacsvr SafeBoot-vmms MSConfigStartUp-DDS - c:\users\Evan\AppData\Roaming\Microsoft\svchost.exe MSConfigStartUp-Driver Control Manager v2 - c:\users\Evan\AppData\Local\Temp\staklic.exe MSConfigStartUp-Framework - c:\users\Evan\AppData\Local\Temp\dxdiag.exe MSConfigStartUp-GodServices - c:\users\Evan\AppData\Local\Temp\godservices.exe MSConfigStartUp-HKCU - c:\users\Evan\AppData\Roaming\install\Svchost.exe MSConfigStartUp-Internet Security Service - c:\systemfiles\x-f-324553-12314-3344-1\ise32.exe MSConfigStartUp-Microsoft - c:\users\Evan\AppData\Roaming\Microsoft\svchost.exe MSConfigStartUp-Microsoft Protector - c:\users\Evan\AppData\Roaming\winlogon.exe MSConfigStartUp-outbreak - c:\windows\outbreak.exe MSConfigStartUp-StartServiceWKKBTRRS - c:\users\Evan\AppData\Local\WKKBTRRS\StartService.exe MSConfigStartUp-Startup - c:\users\Evan\AppData\Roaming\Microsoft\svchost.exe MSConfigStartUp-System RAID Manager - c:\users\Evan\AppData\Roaming\raid64.exe MSConfigStartUp-WinDoS - c:\users\Evan\AppData\Roaming\WinDoS.exe MSConfigStartUp-Windows Defense - c:\users\Evan\AppData\Roaming\winlogon.exe MSConfigStartUp-Windows Firewall - c:\users\Evan\AppData\Local\Temp\svchost.exe MSConfigStartUp-Windows Update - c:\users\Evan\AppData\Roaming\Microsoft\winupdate.exe MSConfigStartUp-WinsysMon - c:\users\Evan\Desktop\Nero.v9.4.26.0.Ultra.Edition.Incl.KEYMAKER-NOTM\LiveUpdate.exe MSConfigStartUp-XA5RJ9EADJ - c:\users\Evan\AppData\Local\Temp\Ezr.exe MSConfigStartUp-YVIBBBHA8C - c:\users\Evan\AppData\Local\Temp\Ezq.exe ActiveSetup-{FDEBDB3F-BD6F-FDF9-C2FC-DACABC0EFA2D} - c:\users\Evan\AppData\Local\Temp\msconfig.exe AddRemove-{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0} - c:\program files\InstallShield Installation Information\{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}\setup.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-04 00:14 Windows 6.1.7601 Service Pack 1, v.178 NTFS detected NTDLL code modification: ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-04 00:14 Windows 6.1.7601 Service Pack 1, v.178 NTFS detected NTDLL code modification: ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-04 00:14 Windows 6.1.7601 Service Pack 1, v.178 NTFS detected NTDLL code modification: ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-04 00:14 Windows 6.1.7601 Service Pack 1, v.178 NTFS detected NTDLL code modification: ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-04 00:14 Windows 6.1.7601 Service Pack 1, v.178 NTFS detected NTDLL code modification: ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-04 00:14 Windows 6.1.7601 Service Pack 1, v.178 NTFS detected NTDLL code modification: ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-04 00:14 Windows 6.1.7601 Service Pack 1, v.178 NTFS detected NTDLL code modification: ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-04 00:14 Windows 6.1.7601 Service Pack 1, v.178 NTFS detected NTDLL code modification: ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-04 00:14 Windows 6.1.7601 Service Pack 1, v.178 NTFS detected NTDLL code modification: ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-04 00:14 Windows 6.1.7601 Service Pack 1, v.178 NTFS detected NTDLL code modification: ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-04 00:14 Windows 6.1.7601 Service Pack 1, v.178 NTFS detected NTDLL code modification: ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-2818589939-313886579-481562505-1000\Software\SecuROM\License information*] "datasecu"=hex:07,37,cc,61,5a,d0,52,78,34,12,c1,93,40,fc,db,dc,d4,0f,3a,a7,8c, fe,10,76,76,c2,25,36,19,92,f5,3e,f9,62,17,ec,e0,f1,d1,89,5c,ab,c1,86,b9,78,\ "rkeysecu"=hex:d5,0a,79,73,61,f8,40,ae,45,cd,7f,f7,94,a1,ff,c8 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvvsvc.exe c:\windows\system32\nvvsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe c:\windows\system32\AUDIODG.EXE c:\windows\system32\DllHost.exe . ************************************************************************** . Completion time: 2010-12-04 00:16:03 - machine was rebooted ComboFix-quarantined-files.txt 2010-12-03 13:16 Pre-Run: 13,505,970,176 bytes free Post-Run: 14,288,687,104 bytes free - - End Of File - - 93875AD38FD444541307BF8D8B6CBA4F
  14. Here's the TDSS Killer report you asked for: 2010/12/03 23:43:11.0006 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01 2010/12/03 23:43:11.0006 ================================================================================ 2010/12/03 23:43:11.0006 SystemInfo: 2010/12/03 23:43:11.0006 2010/12/03 23:43:11.0006 OS Version: 6.1.7601 ServicePack: 1.0 2010/12/03 23:43:11.0006 Product type: Workstation 2010/12/03 23:43:11.0006 ComputerName: EVAN-PC 2010/12/03 23:43:11.0009 UserName: Evan 2010/12/03 23:43:11.0009 Windows directory: C:\Windows 2010/12/03 23:43:11.0009 System windows directory: C:\Windows 2010/12/03 23:43:11.0009 Processor architecture: Intel x86 2010/12/03 23:43:11.0009 Number of processors: 2 2010/12/03 23:43:11.0009 Page size: 0x1000 2010/12/03 23:43:11.0009 Boot type: Normal boot 2010/12/03 23:43:11.0009 ================================================================================ 2010/12/03 23:43:11.0226 Initialize success 2010/12/03 23:43:57.0324 ================================================================================ 2010/12/03 23:43:57.0324 Scan started 2010/12/03 23:43:57.0324 Mode: Manual; 2010/12/03 23:43:57.0324 ================================================================================ 2010/12/03 23:43:58.0259 1394ohci (603257be9bb6c63c59a209cb188397cd) C:\Windows\system32\drivers\1394ohci.sys 2010/12/03 23:43:58.0282 ACPI (03d30820e6925134f87b3b91efa6d531) C:\Windows\system32\drivers\ACPI.sys 2010/12/03 23:43:58.0317 AcpiPmi (757b46b5b13a721631a3986f46ec19e4) C:\Windows\system32\drivers\acpipmi.sys 2010/12/03 23:43:58.0362 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys 2010/12/03 23:43:58.0382 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys 2010/12/03 23:43:58.0407 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys 2010/12/03 23:43:58.0462 AFD (a747f082a94b948329d95bd5b81240ca) C:\Windows\system32\drivers\afd.sys 2010/12/03 23:43:58.0487 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys 2010/12/03 23:43:58.0502 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys 2010/12/03 23:43:58.0537 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys 2010/12/03 23:43:58.0559 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys 2010/12/03 23:43:58.0577 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys 2010/12/03 23:43:58.0624 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys 2010/12/03 23:43:58.0644 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys 2010/12/03 23:43:58.0672 amdsata (1591fc5c5ab39cd8a3bc15aca8208db6) C:\Windows\system32\drivers\amdsata.sys 2010/12/03 23:43:58.0692 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys 2010/12/03 23:43:58.0729 amdxata (6c448694cbc493da5163aee19895eaf5) C:\Windows\system32\drivers\amdxata.sys 2010/12/03 23:43:58.0757 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys 2010/12/03 23:43:58.0869 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys 2010/12/03 23:43:58.0889 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys 2010/12/03 23:43:58.0914 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys 2010/12/03 23:43:58.0932 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys 2010/12/03 23:43:58.0974 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys 2010/12/03 23:43:59.0014 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys 2010/12/03 23:43:59.0034 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys 2010/12/03 23:43:59.0059 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys 2010/12/03 23:43:59.0084 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys 2010/12/03 23:43:59.0104 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys 2010/12/03 23:43:59.0149 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys 2010/12/03 23:43:59.0174 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys 2010/12/03 23:43:59.0187 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys 2010/12/03 23:43:59.0212 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys 2010/12/03 23:43:59.0227 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys 2010/12/03 23:43:59.0249 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys 2010/12/03 23:43:59.0272 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys 2010/12/03 23:43:59.0339 cdrom (bbd597af715a0baf883f935507a46525) C:\Windows\system32\drivers\cdrom.sys 2010/12/03 23:43:59.0369 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys 2010/12/03 23:43:59.0407 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys 2010/12/03 23:43:59.0424 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys 2010/12/03 23:43:59.0482 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys 2010/12/03 23:43:59.0507 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys 2010/12/03 23:43:59.0517 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys 2010/12/03 23:43:59.0544 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys 2010/12/03 23:43:59.0584 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys 2010/12/03 23:43:59.0627 CSC (e03cc0f59998002d46119157c656dbcf) C:\Windows\system32\drivers\csc.sys 2010/12/03 23:43:59.0672 dc3d (abff959dc463e6e1a49dca6657e60b80) C:\Windows\system32\DRIVERS\dc3d.sys 2010/12/03 23:43:59.0712 DfsC (b0da84490580264b2e7e0d4ea32ce114) C:\Windows\system32\Drivers\dfsc.sys 2010/12/03 23:43:59.0729 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 2010/12/03 23:43:59.0747 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 2010/12/03 23:43:59.0807 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 2010/12/03 23:43:59.0847 DXGKrnl (7f9b0a1d0bfb7e5b36a3524ab3a5c106) C:\Windows\System32\drivers\dxgkrnl.sys 2010/12/03 23:43:59.0932 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 2010/12/03 23:43:59.0977 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 2010/12/03 23:44:00.0002 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys 2010/12/03 23:44:00.0032 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 2010/12/03 23:44:00.0057 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 2010/12/03 23:44:00.0074 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 2010/12/03 23:44:00.0117 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 2010/12/03 23:44:00.0134 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 2010/12/03 23:44:00.0172 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 2010/12/03 23:44:00.0192 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 2010/12/03 23:44:00.0217 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 2010/12/03 23:44:00.0307 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\Windows\system32\FsUsbExDisk.SYS 2010/12/03 23:44:00.0329 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys 2010/12/03 23:44:00.0367 fvevol (722975f0ee50e2f887853804e75ee43a) C:\Windows\system32\DRIVERS\fvevol.sys 2010/12/03 23:44:00.0392 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 2010/12/03 23:44:00.0424 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 2010/12/03 23:44:00.0444 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 2010/12/03 23:44:00.0497 HdAudAddService (e7a94cb497afeec4166fad66afd70da0) C:\Windows\system32\drivers\HdAudio.sys 2010/12/03 23:44:00.0539 HDAudBus (600b32e92caf9572a1139899ab53bdbb) C:\Windows\system32\drivers\HDAudBus.sys 2010/12/03 23:44:00.0564 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 2010/12/03 23:44:00.0577 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 2010/12/03 23:44:00.0594 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 2010/12/03 23:44:00.0642 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys 2010/12/03 23:44:00.0677 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys 2010/12/03 23:44:00.0764 HTTP (0310c24b401d870ecee27feb0b3eb079) C:\Windows\system32\drivers\HTTP.sys 2010/12/03 23:44:00.0779 hwpolicy (742249da1c4c957b4eaeefe02915d0f3) C:\Windows\system32\drivers\hwpolicy.sys 2010/12/03 23:44:00.0822 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys 2010/12/03 23:44:00.0862 iaStorV (63ef40750bf61b05e2a4475e0d307692) C:\Windows\system32\drivers\iaStorV.sys 2010/12/03 23:44:00.0894 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 2010/12/03 23:44:00.0937 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys 2010/12/03 23:44:00.0962 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 2010/12/03 23:44:00.0987 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2010/12/03 23:44:01.0024 IPMIDRV (a412aecd778ffb8632c0052b2420ec9c) C:\Windows\system32\drivers\IPMIDrv.sys 2010/12/03 23:44:01.0044 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 2010/12/03 23:44:01.0062 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 2010/12/03 23:44:01.0094 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys 2010/12/03 23:44:01.0124 iScsiPrt (eea76b05d67d676fc3ce95a0b9a6a5a4) C:\Windows\system32\drivers\msiscsi.sys 2010/12/03 23:44:01.0177 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys 2010/12/03 23:44:01.0197 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys 2010/12/03 23:44:01.0237 KSecDD (db32186d6beb61cc42cf868d362dd7bc) C:\Windows\system32\Drivers\ksecdd.sys 2010/12/03 23:44:01.0264 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys 2010/12/03 23:44:01.0302 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 2010/12/03 23:44:01.0339 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 2010/12/03 23:44:01.0362 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 2010/12/03 23:44:01.0379 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 2010/12/03 23:44:01.0434 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 2010/12/03 23:44:01.0467 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 2010/12/03 23:44:01.0484 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 2010/12/03 23:44:01.0504 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 2010/12/03 23:44:01.0532 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 2010/12/03 23:44:01.0567 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 2010/12/03 23:44:01.0602 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 2010/12/03 23:44:01.0632 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 2010/12/03 23:44:01.0647 mountmgr (531df893843d02ce62d3bfa76951c77e) C:\Windows\system32\drivers\mountmgr.sys 2010/12/03 23:44:01.0679 mpio (1c13ba296f05dbcc3a4a483ab6e2851a) C:\Windows\system32\drivers\mpio.sys 2010/12/03 23:44:01.0702 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 2010/12/03 23:44:01.0722 MRxDAV (7836199ea1d407ac82a1ce73a6b98581) C:\Windows\system32\drivers\mrxdav.sys 2010/12/03 23:44:01.0764 mrxsmb (54a4950980c55723425634b77157f815) C:\Windows\system32\DRIVERS\mrxsmb.sys 2010/12/03 23:44:01.0802 mrxsmb10 (96008baa0a46847ee3325e0703ef9363) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2010/12/03 23:44:01.0834 mrxsmb20 (aed9002a283f48b2d33ff9d927ceac21) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2010/12/03 23:44:01.0862 msahci (08bcec2f04aeae1a4ed35956e6a128ed) C:\Windows\system32\drivers\msahci.sys 2010/12/03 23:44:01.0882 msdsm (5060e60d01588cd3fd48e27d1aaa9d2f) C:\Windows\system32\drivers\msdsm.sys 2010/12/03 23:44:01.0922 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 2010/12/03 23:44:01.0962 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 2010/12/03 23:44:02.0002 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys 2010/12/03 23:44:02.0029 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 2010/12/03 23:44:02.0049 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 2010/12/03 23:44:02.0067 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 2010/12/03 23:44:02.0109 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 2010/12/03 23:44:02.0149 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys 2010/12/03 23:44:02.0172 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 2010/12/03 23:44:02.0184 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 2010/12/03 23:44:02.0252 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\Windows\system32\DRIVERS\ASACPI.sys 2010/12/03 23:44:02.0354 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 2010/12/03 23:44:02.0407 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 2010/12/03 23:44:02.0449 NDIS (066bd99a254ffacdc446d298fe1b60e4) C:\Windows\system32\drivers\ndis.sys 2010/12/03 23:44:02.0472 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 2010/12/03 23:44:02.0487 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 2010/12/03 23:44:02.0509 Ndisuio (32c16991267cab0dbf23ed337f06bf8b) C:\Windows\system32\DRIVERS\ndisuio.sys 2010/12/03 23:44:02.0527 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys 2010/12/03 23:44:02.0584 NDProxy (d14dd19ab140c8489f8e3d31c4d02700) C:\Windows\system32\drivers\NDProxy.sys 2010/12/03 23:44:02.0639 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 2010/12/03 23:44:02.0679 NetBT (99d37ca2ddf10e03026cd49531b9d4f7) C:\Windows\system32\DRIVERS\netbt.sys 2010/12/03 23:44:02.0724 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 2010/12/03 23:44:02.0739 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 2010/12/03 23:44:02.0792 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 2010/12/03 23:44:02.0832 Ntfs (7978f7f87bc19385f405ce65d405a86d) C:\Windows\system32\drivers\Ntfs.sys 2010/12/03 23:44:02.0869 NuidFltr (ef2b9a14ec5dd74ade3417faf1b45e16) C:\Windows\system32\DRIVERS\NuidFltr.sys 2010/12/03 23:44:02.0882 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 2010/12/03 23:44:03.0109 nvlddmkm (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2010/12/03 23:44:03.0189 nvraid (e8a72c0362bf9cd69bdf777b02862913) C:\Windows\system32\drivers\nvraid.sys 2010/12/03 23:44:03.0224 nvstor (992865e9294e4da1dded4c4ad36416d3) C:\Windows\system32\drivers\nvstor.sys 2010/12/03 23:44:03.0262 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys 2010/12/03 23:44:03.0302 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys 2010/12/03 23:44:03.0337 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 2010/12/03 23:44:03.0352 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys 2010/12/03 23:44:03.0372 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 2010/12/03 23:44:03.0439 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\Windows\system32\DRIVERS\pccsmcfd.sys 2010/12/03 23:44:03.0469 pci (7fedb00b310d59714cc6b01230d13fbb) C:\Windows\system32\drivers\pci.sys 2010/12/03 23:44:03.0507 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys 2010/12/03 23:44:03.0534 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 2010/12/03 23:44:03.0557 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 2010/12/03 23:44:03.0582 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 2010/12/03 23:44:03.0654 Point32 (858d5d8dbe432b358ca2f9d534169ca1) C:\Windows\system32\DRIVERS\point32k.sys 2010/12/03 23:44:03.0692 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 2010/12/03 23:44:03.0712 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 2010/12/03 23:44:03.0752 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 2010/12/03 23:44:03.0797 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 2010/12/03 23:44:03.0822 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 2010/12/03 23:44:03.0834 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 2010/12/03 23:44:03.0859 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 2010/12/03 23:44:03.0882 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 2010/12/03 23:44:03.0899 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 2010/12/03 23:44:03.0929 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 2010/12/03 23:44:03.0947 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 2010/12/03 23:44:03.0987 rdbss (533156fa661cf702386e4ca914d48e6e) C:\Windows\system32\DRIVERS\rdbss.sys 2010/12/03 23:44:04.0002 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 2010/12/03 23:44:04.0034 RDPCDD (894200dc7aee085e1ac6abc3dcfa5e5a) C:\Windows\system32\DRIVERS\RDPCDD.sys 2010/12/03 23:44:04.0059 RDPDR (f053ce8ab18f35b8f216f5a77e0f85d1) C:\Windows\system32\drivers\rdpdr.sys 2010/12/03 23:44:04.0069 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 2010/12/03 23:44:04.0087 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 2010/12/03 23:44:04.0132 RdpVideoMiniport (105c69a890f730c1b94abcff89548649) C:\Windows\system32\drivers\rdpvideominiport.sys 2010/12/03 23:44:04.0167 RDPWD (c8108461da6a5b209daaeed035c8b19e) C:\Windows\system32\drivers\RDPWD.sys 2010/12/03 23:44:04.0187 rdyboost (609fd23d206708babec757bb195464bb) C:\Windows\system32\drivers\rdyboost.sys 2010/12/03 23:44:04.0239 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 2010/12/03 23:44:04.0277 RTL8167 (3983cea05bb855351d75f5482b6c42ce) C:\Windows\system32\DRIVERS\Rt86win7.sys 2010/12/03 23:44:04.0297 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys 2010/12/03 23:44:04.0342 sbp2port (1580603cc7d15d42746a40a08f141b90) C:\Windows\system32\drivers\sbp2port.sys 2010/12/03 23:44:04.0379 SCDEmu (16b1abe7f3e35f21dac57592b6c5d464) C:\Windows\system32\drivers\SCDEmu.sys 2010/12/03 23:44:04.0397 scfilter (46149917671695c6c53e5cce21bfb964) C:\Windows\system32\DRIVERS\scfilter.sys 2010/12/03 23:44:04.0429 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2010/12/03 23:44:04.0454 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 2010/12/03 23:44:04.0472 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 2010/12/03 23:44:04.0504 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 2010/12/03 23:44:04.0557 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys 2010/12/03 23:44:04.0569 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys 2010/12/03 23:44:04.0587 sffp_sd (f6cad0228b66355238c80e64b702fe94) C:\Windows\system32\drivers\sffp_sd.sys 2010/12/03 23:44:04.0612 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 2010/12/03 23:44:04.0637 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys 2010/12/03 23:44:04.0652 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2010/12/03 23:44:04.0672 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 2010/12/03 23:44:04.0687 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 2010/12/03 23:44:04.0712 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 2010/12/03 23:44:04.0767 srv (565d5d7437009cfd5ddf6072cc079e85) C:\Windows\system32\DRIVERS\srv.sys 2010/12/03 23:44:04.0792 srv2 (2ce50dafb60833ee9815331bf78e6cec) C:\Windows\system32\DRIVERS\srv2.sys 2010/12/03 23:44:04.0810 srvnet (20dd90c055e21e57e0586e2528a2268f) C:\Windows\system32\DRIVERS\srvnet.sys 2010/12/03 23:44:04.0850 ss_bbus (eaa66218cd39f5bb1b4853a78c67c787) C:\Windows\system32\DRIVERS\ss_bbus.sys 2010/12/03 23:44:04.0867 ss_bmdfl (91765f99914ed8693d8bc76524f21581) C:\Windows\system32\DRIVERS\ss_bmdfl.sys 2010/12/03 23:44:04.0882 ss_bmdm (840e7b738b03c10ee91d9b7d3d6eff15) C:\Windows\system32\DRIVERS\ss_bmdm.sys 2010/12/03 23:44:04.0925 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 2010/12/03 23:44:04.0990 storflt (f9cee86f95372726a519e7d66006fc84) C:\Windows\system32\drivers\vmstorfl.sys 2010/12/03 23:44:05.0025 storvsc (314b6b5bacee22637c8ad138ac7ae8fc) C:\Windows\system32\drivers\storvsc.sys 2010/12/03 23:44:05.0042 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys 2010/12/03 23:44:05.0157 Tcpip (ba2997f44bcc249f3c383f0bea7da673) C:\Windows\system32\drivers\tcpip.sys 2010/12/03 23:44:05.0197 TCPIP6 (ba2997f44bcc249f3c383f0bea7da673) C:\Windows\system32\DRIVERS\tcpip.sys 2010/12/03 23:44:05.0230 tcpipreg (a371a6485743f7f1d753655869688c8c) C:\Windows\system32\drivers\tcpipreg.sys 2010/12/03 23:44:05.0262 TDPIPE (a3578156a3682e938abfd5457f5318a8) C:\Windows\system32\drivers\tdpipe.sys 2010/12/03 23:44:05.0277 TDTCP (d536c371fa5a43f2bee3b60b0857ee77) C:\Windows\system32\drivers\tdtcp.sys 2010/12/03 23:44:05.0295 tdx (b6cb4ecc4142388ceb7c6c568f9e6cd1) C:\Windows\system32\DRIVERS\tdx.sys 2010/12/03 23:44:05.0305 TermDD (5cab301fa1300f19dab769f18f05bd17) C:\Windows\system32\drivers\termdd.sys 2010/12/03 23:44:05.0335 terminpt (e9fddf205210c265c9448f4eab0545a4) C:\Windows\system32\DRIVERS\terminpt.sys 2010/12/03 23:44:05.0387 TPkd (5815ae5ef8519066f19e575d67f6f191) C:\Windows\system32\drivers\TPkd.sys 2010/12/03 23:44:05.0432 tssecsrv (14ac0bc654508bf98f9a501f402709cc) C:\Windows\system32\DRIVERS\tssecsrv.sys 2010/12/03 23:44:05.0467 TsUsbFlt (d0a10ef0d435739a32eed44b6f4cfa21) C:\Windows\system32\drivers\tsusbflt.sys 2010/12/03 23:44:05.0512 tunnel (ff8fb6c8b15dacfe71057d7b0e79b427) C:\Windows\system32\DRIVERS\tunnel.sys 2010/12/03 23:44:05.0547 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 2010/12/03 23:44:05.0575 udfs (00e6889653b8b7f220d3565c953bb185) C:\Windows\system32\DRIVERS\udfs.sys 2010/12/03 23:44:05.0605 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys 2010/12/03 23:44:05.0667 umbus (b44b6c1f50daa3ed532aa1cfdfd2b192) C:\Windows\system32\drivers\umbus.sys 2010/12/03 23:44:05.0690 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 2010/12/03 23:44:05.0745 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys 2010/12/03 23:44:05.0767 usbccgp (76880d8312c4595a6a2909819a869010) C:\Windows\system32\DRIVERS\usbccgp.sys 2010/12/03 23:44:05.0802 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys 2010/12/03 23:44:05.0822 usbehci (dfb8c7a7fdc1e90ab39f4874cc1aae32) C:\Windows\system32\drivers\usbehci.sys 2010/12/03 23:44:05.0845 usbhub (b580202f0b982c6e8b7403fb7d285dfe) C:\Windows\system32\drivers\usbhub.sys 2010/12/03 23:44:05.0865 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys 2010/12/03 23:44:05.0930 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 2010/12/03 23:44:05.0972 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys 2010/12/03 23:44:05.0992 USBSTOR (251fae54062b021516ba4e538d1ecfb2) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2010/12/03 23:44:06.0032 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys 2010/12/03 23:44:06.0057 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys 2010/12/03 23:44:06.0090 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 2010/12/03 23:44:06.0105 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 2010/12/03 23:44:06.0140 vhdmp (63af903a647295d801163a166351c566) C:\Windows\system32\drivers\vhdmp.sys 2010/12/03 23:44:06.0205 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys 2010/12/03 23:44:06.0220 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 2010/12/03 23:44:06.0295 VIAHdAudAddService (ec1fdb8461acca4e34c2022e2b32cf5c) C:\Windows\system32\drivers\viahduaa.sys 2010/12/03 23:44:06.0332 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys 2010/12/03 23:44:06.0372 vmbus (64d56d26b8d79c31584267ace105521a) C:\Windows\system32\drivers\vmbus.sys 2010/12/03 23:44:06.0395 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys 2010/12/03 23:44:06.0407 volmgr (608cfc7d3b638ba5843be026951e03d3) C:\Windows\system32\drivers\volmgr.sys 2010/12/03 23:44:06.0427 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 2010/12/03 23:44:06.0447 volsnap (cc63437be17db71b356887736680e266) C:\Windows\system32\drivers\volsnap.sys 2010/12/03 23:44:06.0487 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 2010/12/03 23:44:06.0507 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys 2010/12/03 23:44:06.0530 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 2010/12/03 23:44:06.0567 WANARP (205ebf4773ffd5dd58a625555d97da1e) C:\Windows\system32\DRIVERS\wanarp.sys 2010/12/03 23:44:06.0575 Wanarpv6 (205ebf4773ffd5dd58a625555d97da1e) C:\Windows\system32\DRIVERS\wanarp.sys 2010/12/03 23:44:06.0602 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 2010/12/03 23:44:06.0632 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 2010/12/03 23:44:06.0675 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 2010/12/03 23:44:06.0695 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 2010/12/03 23:44:06.0777 WinUsb (8be4eeaaed25e769c8b3b62df34420c6) C:\Windows\system32\DRIVERS\WinUsb.sys 2010/12/03 23:44:06.0825 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys 2010/12/03 23:44:06.0855 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 2010/12/03 23:44:06.0907 WudfPf (07c8005ad9feb4f050e8f83cb177e546) C:\Windows\system32\drivers\WudfPf.sys 2010/12/03 23:44:06.0940 WUDFRd (59504d70479fdd577adee9ac760290d1) C:\Windows\system32\DRIVERS\WUDFRd.sys 2010/12/03 23:44:06.0987 ================================================================================ 2010/12/03 23:44:06.0987 Scan finished 2010/12/03 23:44:06.0987 ================================================================================ BTW, thanks for the prompt reply.
  15. Hi there, Thanks in advance for your assistance! All my google links have been getting redirected since last month, and I've absolutely no idea why. Both IE and Opera seem to have the same problem. I can access most links by clicking on the 'cached' option, but I'm getting sick of having to resort to this. I've run multiple MBAM scans to no avail. The following is the most recent log. ========= Malwarebytes' Anti-Malware 1.50 www.malwarebytes.org Database version: 5214 Windows 6.1.7601 Service Pack 1, v.178 Internet Explorer 8.0.7601.16562 3/12/2010 11:13:53 PM mbam-log-2010-12-03 (23-13-53).txt Scan type: Quick scan Objects scanned: 143562 Time elapsed: 3 minute(s), 16 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ========= Here's the HJT log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:17:48 PM, on 3/12/2010 Platform: Windows 7 SP1, v.178 (WinNT 6.00.3505) MSIE: Internet Explorer v8.00 (8.00.7601.16562) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe C:\Windows\framework.exe C:\Program Files\Rainmeter\Rainmeter.exe C:\Program Files\WordWeb\wweb32.exe C:\Users\Evan\AppData\Local\Temp\msconfig.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r O4 - HKLM\..\Run: [framework] framework.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [msconfig] C:\Users\Evan\AppData\Local\Temp\msconfig.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: GIGABYTE Gamer HUD Lite.lnk = C:\Program Files\GIGABYTE\Gamer HUD Lite\HUD.exe O4 - Startup: Rainmeter.exe - Shortcut.lnk = C:\Program Files\Rainmeter\Rainmeter.exe O4 - Startup: WordWeb Pro.lnk = C:\Program Files\WordWeb\wweb32.exe O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://service.futuremark.com/gom/receiver/tc/FMSI.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 6983 bytes ========= Thank you for your time.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.