
TR/Crypt.ZPACK.Gen [INFECTED] removal [logs ready]



#1
silentcolours

Any help will be greatly appreciated.



Avira AntiVir Personal
Report file date: 15 July 2009 19:24

Scanning for 1523462 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : SILENTCOLOURS

Version information:
BUILD.DAT : 9.0.0.403 17961 Bytes 6/3/2009 17:05:00
AVSCAN.EXE : 9.0.3.6 466689 Bytes 6/9/2009 21:15:38
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 10:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 11:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 10:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 12:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/2009 10:07:35
ANTIVIR2.VDF : 7.1.4.221 1273856 Bytes 7/12/2009 19:48:36
ANTIVIR3.VDF : 7.1.4.234 106496 Bytes 7/14/2009 19:49:12
Engineversion : 8.2.0.215
AEVDF.DLL : 8.1.1.1 106868 Bytes 5/17/2009 17:37:37
AESCRIPT.DLL : 8.1.2.16 438651 Bytes 7/14/2009 19:49:33
AESCN.DLL : 8.1.2.3 127347 Bytes 5/17/2009 17:37:36
AERDL.DLL : 8.1.2.4 430452 Bytes 7/14/2009 19:49:30
AEPACK.DLL : 8.1.3.18 401783 Bytes 5/28/2009 10:49:26
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 6/18/2009 16:48:04
AEHEUR.DLL : 8.1.0.141 1855864 Bytes 7/14/2009 19:49:27
AEHELP.DLL : 8.1.4.5 229748 Bytes 7/14/2009 19:49:16
AEGEN.DLL : 8.1.1.48 348532 Bytes 7/3/2009 11:41:21
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 14:32:40
AECORE.DLL : 8.1.7.5 180597 Bytes 7/14/2009 19:49:14
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 14:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 08:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 10:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 14:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 10:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 15:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 10:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 15:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 08:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 10:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 6/9/2009 21:15:38
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 10:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, F:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+JOKE,+PCK,+SPR,

Start of the scan: 15 July 2009 19:24

Starting search for hidden objects.
'37573' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'JavaRa.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MAGICD~1.EXE' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'CCC.exe' - '1' Module(s) have been scanned
Scan process 'MOM.exe' - '1' Module(s) have been scanned
Scan process 'RaUI.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrB.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehRecvr.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
54 processes with 54 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '57' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\J Constantinides\Local Settings\Application Data\PunkBuster\COD4\pb\PnkBstrK.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP38\A0001351.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP38\A0001407.exe
[0] Archive type: ZIP SFX (self extracting)
--> SWITCHUNINST_44ZONE LABS.EXE
[1] Archive type: RSRC
--> WINDOWS6.0-KB929547-V2-X64.MSU
[1] Archive type: CAB (Microsoft)
--> Windows6.0-KB929547-v2-x64.cab
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP46\A0001551.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP46\A0001552.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP46\A0001634.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP46\A0001635.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP47\A0001659.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP47\A0001660.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP48\A0001755.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP48\A0001756.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP49\A0001819.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP49\A0001820.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP49\A0001964.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP49\A0001965.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP50\A0002131.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP50\A0002132.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP50\A0002177.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP50\A0002178.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP50\A0002203.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP50\A0002204.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP51\A0002262.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP51\A0002263.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP52\A0002287.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP52\A0002288.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP53\A0002377.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP53\A0002378.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP54\A0002428.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP54\A0002429.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP56\A0003670.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP56\A0003671.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP56\A0003703.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP56\A0003704.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP57\A0003741.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP57\A0003742.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP58\A0003837.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP58\A0003838.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP58\A0003866.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP58\A0003867.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP59\A0004974.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP59\A0004975.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP60\A0005035.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP60\A0005036.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP61\A0005068.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP61\A0005069.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP61\A0005114.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP61\A0005115.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP61\A0005134.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP61\A0005135.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP62\A0005142.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP62\A0005143.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP62\A0005172.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP62\A0005173.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP62\A0005186.dll
[DETECTION] Is the TR/Patched.GY.4 Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP62\A0005192.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP62\A0005193.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP63\A0005198.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP63\A0005199.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP64\A0005295.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP64\A0005296.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP65\A0005370.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP65\A0005371.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP67\A0005502.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP67\A0005503.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP68\A0005530.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP68\A0005531.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP68\A0005564.exe
[DETECTION] Is the TR/Patched.GY.3 Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP68\A0005598.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP68\A0005605.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP68\A0005606.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\WINDOWS\system32\drivers\PnkBstrK.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
Begin scan in 'F:\' <hot diggity dog!>
F:\NewPrograms\zaZA_Setup_en.exe
[0] Archive type: ZIP SFX (self extracting)
--> SWITCHUNINST_44ZONE LABS.EXE
[1] Archive type: RSRC
--> WINDOWS6.0-KB929547-V2-X64.MSU
[1] Archive type: CAB (Microsoft)
--> Windows6.0-KB929547-v2-x64.cab
[WARNING] No further files can be extracted from this archive. The archive will be closed

Beginning disinfection:
C:\Documents and Settings\J Constantinides\Local Settings\Application Data\PunkBuster\COD4\pb\PnkBstrK.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4ac926ca.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP38\A0001351.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4a8e268c.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP46\A0001551.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4beaa8a5.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP46\A0001552.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49106eed.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP46\A0001634.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4be9830d.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP46\A0001635.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4be8bb35.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP47\A0001659.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4be7939d.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP47\A0001660.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '491176a5.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP48\A0001755.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '492e717d.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP48\A0001756.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '492f7935.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP49\A0001819.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '492c410d.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP49\A0001820.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '492d49c5.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP49\A0001964.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '492a519d.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP49\A0001965.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4be5e22d.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP50\A0002131.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49051005.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP50\A0002132.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4bebb37d.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP50\A0002177.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4994c8ad.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP50\A0002178.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4997c0d5.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP50\A0002203.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4995d365.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP50\A0002204.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '499023f5.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP51\A0002262.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49912bcd.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP51\A0002263.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49ae3385.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP52\A0002287.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49af3a5d.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP52\A0002288.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49ac0215.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP53\A0002377.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49ad2cfd.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP53\A0002378.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4a8e268d.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP54\A0002428.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49ab3c8e.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP54\A0002429.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49a80746.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP56\A0003670.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49a90f1e.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP56\A0003671.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49a617d6.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP56\A0003703.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49a71fae.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP56\A0003704.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49a46666.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP57\A0003741.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49a56e3e.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP57\A0003742.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49a276f6.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP58\A0003837.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49a37ece.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP58\A0003838.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49a04686.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP58\A0003866.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49a1415e.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP58\A0003867.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49be4916.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP59\A0004974.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49bf51ee.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP59\A0004975.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49bc59a6.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP60\A0005035.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49bda07e.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP60\A0005036.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49baa836.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP61\A0005068.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49bbb00e.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP61\A0005069.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49b8b8c6.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP61\A0005114.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49b9809e.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP61\A0005115.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49b68b56.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP61\A0005134.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49b7932e.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP61\A0005135.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49b49be6.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP62\A0005142.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49b5e3be.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP62\A0005143.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49b2ea76.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP62\A0005172.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49b3f24e.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP62\A0005173.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49b0fa06.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP62\A0005186.dll
[DETECTION] Is the TR/Patched.GY.4 Trojan
[NOTE] The file was moved to '49b1c2de.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP62\A0005192.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49ceca96.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP62\A0005193.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49cfd56e.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP63\A0005198.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49ccdd26.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP63\A0005199.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49ca25fe.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP64\A0005295.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49cb2db6.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP64\A0005296.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49c8358e.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP65\A0005370.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49c93c46.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP65\A0005371.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49c6041e.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP67\A0005502.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49c70cd6.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP67\A0005503.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49c414ae.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP68\A0005530.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49c51f66.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP68\A0005531.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49c2673e.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP68\A0005564.exe
[DETECTION] Is the TR/Patched.GY.3 Trojan
[NOTE] The file was moved to '49c36ff6.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP68\A0005598.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4a8e268e.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP68\A0005605.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49c17f87.qua'!
C:\System Volume Information\_restore{8ED3AADA-A766-4E96-A9AB-BBB7D1761406}\RP68\A0005606.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '49de465f.qua'!
C:\WINDOWS\system32\drivers\PnkBstrK.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4ac926cc.qua'!


End of the scan: 15 July 2009 19:56
Used time: 32:02 Minute(s)

The scan has been done completely.

8869 Scanned directories
503677 Files were scanned
70 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
70 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
503606 Files not concerned
7030 Archives were scanned
3 Warnings
71 Notes
37573 Objects were scanned with rootkit scan
0 Hidden objects were found


#2
silentcolours

Malwarebytes' Anti-Malware 1.39
Database version: 2435
Windows 5.1.2600 Service Pack 2

15/07/2009 20:03:47
mbam-log-2009-07-15 (20-03-47).txt

Scan type: Quick Scan
Objects scanned: 92632
Time elapsed: 3 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Waiting for random's system information tool (RSIT) to finish.

Edited by silentcolours, 15 July 2009 - 01:13 PM.

#3
silentcolours

Logfile of random's system information tool 1.06 (written by random/random)
Run by J Constantinides at 2009-07-15 20:15:51
Microsoft Windows XP Professional Service Pack 2
System drive C: has 72 GB (50%) free of 143 GB
Total RAM: 3326 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:15:54, on 15/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\EDIMAX\Common\RaUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MAGICD~1\MAGICD~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\J Constantinides\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\Documents and Settings\J Constantinides\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\J Constantinides\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\J Constantinides\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\J Constantinides\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\J Constantinides\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\J Constantinides\Desktop\RSIT.exe
C:\Program Files\trend micro\J Constantinides.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Wireless Utility.lnk = C:\Program Files\EDIMAX\Common\RaUI.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6400 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-15 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-15 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2004-08-10 59392]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-03-17 61440]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-16 981384]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-02-17 17508864]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-05-30 292136]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-15 148888]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-07-13 414992]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Wireless Utility.lnk - C:\Program Files\EDIMAX\Common\RaUI.exe

C:\Documents and Settings\J Constantinides\Start Menu\Programs\Startup
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-03-16 155648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ "
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d36d716a-7161-11de-9f14-001f1f31c2e7}]
shell\AutoRun\command - G:\SETUP.EXE /AUTORUN
shell\configure\command - G:\SETUP.EXE
shell\install\command - G:\SETUP.EXE


======List of files/folders created in the last 1 months======

2009-07-15 20:07:20 ----D---- C:\Program Files\trend micro
2009-07-15 20:07:19 ----D---- C:\rsit
2009-07-15 19:57:47 ----D---- C:\Documents and Settings\J Constantinides\Application Data\Malwarebytes
2009-07-15 19:57:41 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-15 19:57:40 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-15 19:28:04 ----D---- C:\Cure
2009-07-15 19:16:30 ----A---- C:\WINDOWS\system32\javaws.exe
2009-07-15 19:16:30 ----A---- C:\WINDOWS\system32\javaw.exe
2009-07-15 19:16:30 ----A---- C:\WINDOWS\system32\java.exe
2009-07-15 18:14:18 ----A---- C:\WINDOWS\ODBC.INI
2009-07-15 18:14:16 ----A---- C:\WINDOWS\system32\mdimon.dll
2009-07-15 18:13:47 ----D---- C:\Program Files\Microsoft ActiveSync
2009-07-15 18:13:41 ----D---- C:\Program Files\Common Files\DESIGNER
2009-07-15 18:13:25 ----D---- C:\WINDOWS\SHELLNEW
2009-07-15 18:13:24 ----D---- C:\Program Files\Microsoft Office
2009-07-15 18:12:30 ----D---- C:\WINDOWS\LastGood
2009-07-15 18:12:28 ----D---- C:\Program Files\MagicDisc
2009-07-14 21:12:17 ----A---- C:\WINDOWS\ntbtlog.txt
2009-07-14 17:24:58 ----A---- C:\WINDOWS\system32\UNWISE.EXE
2009-07-14 17:24:58 ----A---- C:\WINDOWS\system32\hsduinst.exe
2009-07-14 17:24:58 ----A---- C:\WINDOWS\system32\hinstd.dll
2009-07-05 16:20:57 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-07-05 16:20:52 ----D---- C:\Program Files\Common Files\Adobe
2009-07-05 16:20:52 ----D---- C:\Program Files\Adobe
2009-07-03 13:30:24 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-07-03 13:30:24 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-07-03 13:30:24 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-07-03 13:30:24 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-07-03 13:30:24 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-07-03 13:30:24 ----N---- C:\WINDOWS\system32\px.dll
2009-07-03 13:30:15 ----D---- C:\WINDOWS\system32\IOSUBSYS
2009-07-03 13:30:11 ----D---- C:\Program Files\Google
2009-07-01 21:03:12 ----D---- C:\Documents and Settings\J Constantinides\Application Data\skypePM
2009-07-01 20:50:46 ----D---- C:\Documents and Settings\J Constantinides\Application Data\Skype
2009-07-01 20:50:41 ----D---- C:\Program Files\Common Files\Skype
2009-07-01 20:50:39 ----RD---- C:\Program Files\Skype
2009-07-01 20:50:32 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-07-01 19:51:45 ----D---- C:\Documents and Settings\J Constantinides\Application Data\Apple Computer
2009-07-01 19:51:40 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-07-01 19:51:28 ----D---- C:\Program Files\iPod
2009-07-01 19:51:26 ----D---- C:\Program Files\iTunes
2009-07-01 19:51:26 ----D---- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-01 19:51:18 ----D---- C:\Program Files\Bonjour
2009-07-01 19:50:57 ----D---- C:\Program Files\QuickTime
2009-07-01 19:50:57 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-07-01 19:50:49 ----D---- C:\Program Files\Apple Software Update
2009-07-01 19:50:27 ----D---- C:\Program Files\Common Files\Apple
2009-07-01 19:50:26 ----D---- C:\Documents and Settings\All Users\Application Data\Apple

======List of files/folders modified in the last 1 months======

2009-07-15 20:13:54 ----D---- C:\WINDOWS\Prefetch
2009-07-15 20:08:34 ----D---- C:\WINDOWS\Internet Logs
2009-07-15 20:07:20 ----RD---- C:\Program Files
2009-07-15 19:57:42 ----D---- C:\WINDOWS\system32\drivers
2009-07-15 19:16:45 ----SHD---- C:\WINDOWS\Installer
2009-07-15 19:16:31 ----D---- C:\WINDOWS\Temp
2009-07-15 19:16:30 ----D---- C:\WINDOWS\system32
2009-07-15 19:16:24 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-07-15 18:15:07 ----SD---- C:\Documents and Settings\J Constantinides\Application Data\Microsoft
2009-07-15 18:14:18 ----D---- C:\WINDOWS
2009-07-15 18:14:01 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-07-15 18:14:00 ----RSD---- C:\WINDOWS\Fonts
2009-07-15 18:13:41 ----D---- C:\Program Files\Common Files
2009-07-15 18:13:24 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-07-15 18:12:55 ----D---- C:\WINDOWS\system
2009-07-15 18:12:31 ----HD---- C:\WINDOWS\inf
2009-07-15 17:20:17 ----D---- C:\WINDOWS\Registration
2009-07-15 17:20:08 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-15 10:03:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-14 23:11:07 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-07-14 21:12:34 ----D---- C:\Documents and Settings
2009-07-14 21:06:14 ----D---- C:\Documents and Settings\J Constantinides\Application Data\uTorrent
2009-07-14 21:00:34 ----D---- C:\Documents and Settings\J Constantinides\Application Data\vlc
2009-07-14 17:24:59 ----D---- C:\WINDOWS\system32\Setup
2009-07-07 17:34:25 ----D---- C:\Program Files\Windows Sidebar
2009-07-05 16:21:33 ----D---- C:\Documents and Settings\J Constantinides\Application Data\Adobe
2009-07-03 13:28:27 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-01 19:51:40 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-07-01 19:50:51 ----SD---- C:\WINDOWS\Tasks
2009-06-18 18:02:25 ----D---- C:\Program Files\Xfire
2009-06-17 23:34:24 ----D---- C:\Documents and Settings\J Constantinides\Application Data\Xfire

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-10 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-10 14848]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-09 28520]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-16 353672]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-05-26 21361]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys [2005-03-14 41984]
R2 GDI23880;Genesis Video Capture; C:\WINDOWS\system32\drivers\gdi2vid.sys [2004-11-07 164480]
R2 GDI2BTS;Genesis BDA Transport Capture; C:\WINDOWS\system32\drivers\gdi2bts.sys [2004-11-07 13696]
R2 GDI2IR;Genesis InfraRed; C:\WINDOWS\system32\drivers\gdi2ir.sys [2004-11-07 9856]
R2 GDI2XBAR;Genesis Crossbar; C:\WINDOWS\system32\drivers\gdi2xbr.sys [2004-11-07 10112]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-03-16 3597312]
R3 GDI2BDA;Black Gold Signature BDA DVB Tuner/Demod; C:\WINDOWS\system32\drivers\gdi2bda.sys [2004-11-07 169728]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-10 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-02-17 5026816]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
R3 RT73;RT73 USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2008-01-15 459520]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-03-23 130688]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-10 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-10 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-10 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-10 20480]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 cpuz132;cpuz132; \??\C:\WINDOWS\system32\drivers\cpuz132_x32.sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 wg121;NETGEAR WG121 802.11g Wireless USB2.0 Adapter; C:\WINDOWS\system32\DRIVERS\wg121nd5.sys [2003-11-28 337216]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-06-09 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-03-16 602112]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2004-08-10 194560]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2004-08-10 102912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-15 152984]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-06-11 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-07-14 189104]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-02-16 2402184]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-05-30 541992]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-03-17 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-04-16 91184]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]

-----------------EOF-----------------