Malware: winrscmde/Trojan.agent/Trojan:DOS/Alurean.A


Solved Malware: winrscmde/Trojan.agent/Trojan:DOS/Alurean.A

Post by rlslagle on Sun 02 Sep 2012, 8:11 am

First topic message reminder:

I have an HP Pavilion G60 laptop computer.
I have been having issues with what I suspect is malware.
Malwarebytes Anti-Malware scan reveals the following 2 malware detections:
Vendor: Trojan.Agent Category: File Item: c:\windows\svchost.exe
Vendor: Trojan.Agent Category: Memory Process Item: c:\windows\svchost.exe Other: 8984
After telling Malwarebytes to remove selected, it rebooted. After scanning again, I get the same results with the number 7064 instead of 8984.
Microsoft Malicious Software Removal Tool found the following: Trojan:DOS/Alurean.A. It said to use an antivirus program to remove it, but Norton SystemWorks did not find it.
I am enclosing the OTL logs and AdwCleaner logs in the next posts.

rlslagle
Rookie Surfer

Posts : 80
Joined : 2009-06-03
Operating System : Windows 7


Solved Re: Malware: winrscmde/Trojan.agent/Trojan:DOS/Alurean.A

Post by rlslagle on Sun 02 Sep 2012, 8:47 am

AdwCleaner


Solved Re: Malware: winrscmde/Trojan.agent/Trojan:DOS/Alurean.A

Post by DragonMaster Jay on Sun 02 Sep 2012, 8:49 am

Hello there. Welcome to the malware removal forum.

Download Farbar Recovery Scan Tool and save it to a flash drive.

Please make sure to download the 64-bit version.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

      Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt


  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there (if necessary)
  • Press Scan button. It will do its scan and save a log on your flash drive.
  • Close out of the message after that, then type the text services.exe into the "Search:" text box. Then, press the Search file(s) button.
    Note: When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
  • Type exit in the Command Prompt window and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.



~DMJ
GeekPolice Academy Manager



DragonMaster Jay
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate
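Two things in the thread so far are worth checking by hand. The first post reports svchost.exe at c:\windows\svchost.exe (Windows keeps that binary only in System32 and SysWOW64) with a process ID that changes between reboots, and the helper asks for FRST's driver MD5 list plus a search for every copy of services.exe. The PowerShell below is an added example, not part of the thread and not FRST's or Malwarebytes' code; it gathers the same evidence on a live Windows 7 x64 system. It assumes an elevated 64-bit PowerShell 2.0 or later prompt, and the function names (Get-SvchostReport, Get-ServicesExeCopies, Get-DriverMd5List, Get-Md5) are mine. One caveat stands: an active rootkit can hide files and processes from a booted system, which is exactly why the helper runs FRST from System Recovery Options; treat this as a quick first look, not a replacement for the offline scan.

```powershell
# Added example, not part of the thread and not FRST's own code: a PowerShell 2.0-compatible
# triage of the svchost.exe and services.exe findings, run elevated from 64-bit PowerShell on
# the suspect machine. It reports paths, parents and MD5s; comparing the hashes against a clean
# Windows 7 SP1 x64 install at the same patch level is the analyst's job, there is no allow-list.

$SystemRoot = $env:SystemRoot
$LegitDirs  = @("$SystemRoot\System32", "$SystemRoot\SysWOW64")

function Get-Md5 {
    param([string]$Path)
    # .NET MD5 rather than Get-FileHash, which only exists from PowerShell 4 on.
    $md5    = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { ([System.BitConverter]::ToString($md5.ComputeHash($stream))) -replace '-', '' }
    finally { $stream.Close() }
}

function Test-LegitSystemDir {
    param([string]$Path)
    # Windows runs svchost.exe and services.exe only from System32 and SysWOW64.
    # C:\Windows\svchost.exe, the path Malwarebytes flagged, is never a legitimate location.
    $dir = Split-Path -Parent $Path
    foreach ($d in $LegitDirs) { if ($dir -ieq $d) { return $true } }
    return $false
}

function Get-SvchostReport {
    # Every running svchost.exe with its image path and parent. A genuine instance runs from
    # System32/SysWOW64 and is started by services.exe; anything else deserves a look.
    $byPid = @{}
    foreach ($p in Get-WmiObject -Class Win32_Process) { $byPid[[int]$p.ProcessId] = $p }
    foreach ($p in $byPid.Values) {
        if ($p.Name -ine 'svchost.exe') { continue }
        $parent   = $byPid[[int]$p.ParentProcessId]
        $path     = $p.ExecutablePath
        $goodDir  = $false
        if ($path) { $goodDir = Test-LegitSystemDir $path }
        $goodPar  = $false
        if ($parent) { $goodPar = ($parent.Name -ieq 'services.exe') }
        $pathText = '<access denied>'
        if ($path) { $pathText = $path }
        $parText  = '<exited>'
        if ($parent) { $parText = $parent.Name }
        New-Object PSObject -Property @{
            PID        = $p.ProcessId
            Path       = $pathText
            ParentName = $parText
            Suspect    = -not ($goodDir -and $goodPar)
        }
    }
}

function Get-FileReport {
    param([string]$Path)
    # MD5, size, timestamp and Authenticode status for one file. On Windows 7 / PowerShell 2,
    # catalog-signed Windows binaries show NotSigned here, so Signature alone proves nothing;
    # the MD5 against a clean copy (the matching WinSxS copy, or another clean machine) is the test.
    $f   = Get-Item -LiteralPath $Path -Force
    $sig = Get-AuthenticodeSignature -FilePath $Path
    New-Object PSObject -Property @{
        Path = $f.FullName; SizeBytes = $f.Length; Modified = $f.LastWriteTime
        MD5 = Get-Md5 $f.FullName; Signature = $sig.Status
    }
}

function Get-ServicesExeCopies {
    # Every services.exe under %SystemRoot%, which is what the helper's FRST search for
    # "services.exe" lists. The System32 copy should hash identically to the WinSxS copy of
    # the same version; a lone, different hash in System32 points at a patched services.exe.
    Get-ChildItem -Path $SystemRoot -Filter 'services.exe' -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object { Get-FileReport $_.FullName }
}

function Get-DriverMd5List {
    # The same data FRST's "List Drivers MD5" option collects: one MD5 per .sys in the drivers folder.
    Get-ChildItem -Path "$SystemRoot\System32\drivers" -Filter '*.sys' -Force -ErrorAction SilentlyContinue |
        ForEach-Object { Get-FileReport $_.FullName }
}

Get-SvchostReport     | Format-Table PID, Path, ParentName, Suspect -AutoSize
Get-ServicesExeCopies | Format-Table Path, MD5, Signature, Modified -AutoSize
Get-DriverMd5List | Sort-Object Modified -Descending | Select-Object -First 20 |
    Format-Table Path, MD5, Signature, Modified -AutoSize
```

Read the output the way the helper reads an FRST log: a svchost.exe whose Path is outside System32/SysWOW64 or whose parent is not services.exe is the process Malwarebytes keeps finding under a new PID; a services.exe in System32 whose MD5 differs from every WinSxS copy has been patched; and the most recently modified drivers are where a rootkit's kernel component usually sits. Nothing here removes anything, which is deliberate, since the cleanup in this thread is done offline with FRST.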

Solved Re: Malware: winrscmde/Trojan.agent/Trojan:DOS/Alurean.A

Post by rlslagle on Sun 02 Sep 2012, 8:55 am

Extras.txt:

OTL Extras logfile created on: 9/1/2012 4:31:01 AM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\user\Desktop\Malware Removal
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 49.25% Memory free
7.81 Gb Paging File | 5.06 Gb Available in Paging File | 64.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.82 Gb Total Space | 81.19 Gb Free Space | 36.77% Space Free | Partition Type: NTFS
Drive D: | 11.87 Gb Total Space | 2.00 Gb Free Space | 16.85% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03F5872F-C081-4791-8024-951552F50FED}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0D225D00-6273-49ED-945F-960F9E3A3A4D}" = lport=137 | protocol=17 | dir=in | app=system |
"{16C48320-986A-4E97-8CD7-CEA9D779DA22}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2FB8C109-E057-437D-81C5-25FC7951FF2E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3B8CBC89-1F33-49F9-86ED-693BF8160768}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3BB7A601-BBFD-4C6E-9EB7-D42053B9666E}" = rport=139 | protocol=6 | dir=out | app=system |
"{45ECF997-CE46-4061-8C4C-53C0836428AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4ACAB0A0-30A2-4016-A4F6-353EF050CAAC}" = rport=138 | protocol=17 | dir=out | app=system |
"{4D72AF51-5D8E-46FC-984F-D54D28B38301}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5298FB2B-6954-41E8-A53F-613B0B2F8D09}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{570A41C7-2109-4130-BF4E-7F75118C5485}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5751A539-0893-4174-8825-5794B5F5CFB9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{59991A2F-E52E-4619-9A78-294D46BB1396}" = lport=2869 | protocol=6 | dir=in | app=system |
"{68131E4B-9121-4808-BBDB-0D01B0C0B85B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{68AD3CE2-A15B-43FB-9AFC-7D4B51A499E1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7AA30CCD-76C1-488F-9406-76106514168E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8231ACBD-D24F-4685-BF18-381104352D27}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{84473323-BE7C-4AFE-AD77-0D26A39895CC}" = rport=445 | protocol=6 | dir=out | app=system |
"{8CFA435C-5F5F-48A8-A35F-2AF54D4EBAE9}" = rport=137 | protocol=17 | dir=out | app=system |
"{90FDF620-7AC0-449A-BAC4-1299A598161A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{911C4D27-762E-4D1E-BFF0-24987D19C764}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C010C10A-8C13-4D52-B889-2FF329390FA8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CB9C16AD-E246-417B-9745-B4A91E702782}" = lport=445 | protocol=6 | dir=in | app=system |
"{CCE5C0D4-C45A-426A-B078-9EC51EFE9FFE}" = lport=138 | protocol=17 | dir=in | app=system |
"{D04E101A-3928-4F7A-8E6E-193AF915AF79}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdateservice.exe |
"{D662CE23-4923-43D9-9863-DD0D067E0C62}" = lport=139 | protocol=6 | dir=in | app=system |
"{D91E9156-469A-4B1D-9545-B77BCE50BC2E}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdater.exe |
"{E0AEA2D5-2238-4760-B8E9-A37520533255}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E6D4F36A-C8F0-486B-A710-C3B51CA0FA27}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FEF3220F-F417-4F1D-AA9A-CB1D72A67479}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E3B965-F55C-47E0-B1C5-87C3850CD98F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{036A77C0-41A0-412A-B0BB-BE0C5B655A92}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{06B4B153-7DC0-4A35-8CB5-74CC7F0660A6}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{0AD0DB94-6135-4DD9-9352-E8E22019F117}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{0E7AD04E-53DD-404F-9891-03A89B81B617}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{108DEAAC-1729-4236-A472-9C0441AB8806}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{122E53B5-B220-43CC-96D9-B6CD7A232E05}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{14A9741A-AB16-4AFC-A50F-918E533668DD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{14DC5516-958A-4E8F-8E92-705CB6669459}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office communicator\communicator.exe |
"{16301295-B658-43F5-90DD-8FDBEAD690CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{168733D7-46B2-4F28-89D1-CFD9CD487CA0}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{17664D0D-362B-48B9-B630-9122B67B615D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{19BF3C06-6925-4A88-A178-5C450EC33444}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{1C90AE80-17BB-49A5-84C2-C27DFD3B0BD9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1D8CCC37-8EB0-458F-9600-6A4B08C9EF12}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{1EFA1EC3-2645-4B2F-9F6C-D70B7FAC0AAE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office communicator\communicator.exe |
"{2BDA4B3F-9E76-4A7E-930D-4487ED57C46A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2C39364D-69BD-4571-8780-1E8B0A5D8B6D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2CA6F79C-CF87-479B-8836-DCFC7ABBDED7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office communicator\communicator.exe |
"{2EA262E2-A474-4C76-B23C-B476B99EFA2D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{341CDB56-E942-4529-8EA0-7684890AC199}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"{37D5D08A-2C3F-4437-A2F0-F16BC97DF0A3}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{4100B2FC-EF9D-4B37-89AA-9E5D7046DD57}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{43FC9575-AB99-4482-A7C7-EC81955B26F0}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{46408FEF-05D7-4135-808C-98D83B2F79B0}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{46FCF515-2AAC-4A02-B47A-684E4AD6304F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4796481A-3488-44D0-B83F-BE6A682D1CB1}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe |
"{4B422638-30D1-4665-AEC1-32DA3D4079E6}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"{592A334E-1F8E-4585-A9DF-B53616C2268E}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"{64631DA7-6FC8-42A4-BBDD-813E96CC58A1}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{64744658-E979-42C9-AA09-F07EB5CA80C1}" = protocol=17 | dir=in | app=c:\program files (x86)\searchresultstb\dtuser.exe |
"{669F1E03-38FA-4BAF-9A91-B4409EAA40F6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6F92C225-DEF3-405F-928C-76F05E221673}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{80CD9EEF-3C46-43CA-8275-70662DF03D86}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{81444279-DD02-4792-B572-9A0BFD98034D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{85061E0B-6819-48D8-BC66-56360F7C7F7F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8A4F09FA-735B-4824-898E-91DE3015B987}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9261DEF0-0FDC-4D01-83BF-9F28126D359E}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{9661485A-D61C-4462-9E5A-54EC19B7A141}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9B1C859C-6961-4005-93DA-ED7F4C6F7910}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9C9387D1-E820-44A7-8C31-1D01A19B5270}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A6EC0241-120E-48CF-BD10-4549D46941A9}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{AE652296-4DDA-41F3-ABA5-A694877AB779}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{B307D4E7-F7BF-4C7C-876A-14E9F20B1C27}" = protocol=17 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool10\eneasyapp.exe |
"{B3A088F8-1485-449B-AD21-408D2F8127AC}" = protocol=6 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool10\eneasyapp.exe |
"{B94D818E-E0D7-462F-A0D8-531DB5F6EBA9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office communicator\communicator.exe |
"{BAD361EC-9C47-4E6B-BA53-7AE8BCE7A16C}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{BE3506DF-412F-470E-9342-99A287B1422B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C765CAA1-6121-4F18-987E-342A0F5B7D7A}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{C7DF227C-A5A1-45C2-8F74-43C6CD5F6F06}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CF071BB8-16C2-4741-B1F2-4C32D1616F9A}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"{D054B3B5-F56C-4EE8-981D-5EEAB565DE9F}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{D0820041-6DCD-41F5-AB0F-5D8CC8C013E6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{D3051B4B-B8E4-4C5F-AC3F-98BCFA7915AF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{DB0B87B9-8C7A-4B2D-872F-EB80CE9F3305}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{DC92B69E-5237-4D34-B2CC-CF90F69D9940}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DDD5AB6B-6AA1-49A2-9D6C-37FF7EBC5A55}" = protocol=6 | dir=out | app=system |

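Two sections of the Extras.txt log above carry most of the signal for a reviewer: "Shell Spawning" (a hijacked exefile handler makes every launched program run the malware first, and the log shows the Windows 7 defaults so a change is easy to spot) and the firewall exception lists (inbound allow rules for programs in user-writable folders, or rules the user created by clicking Allow on a prompt, are where an unwanted listener hides). The PowerShell below is an added example, not part of the thread and not OTL's code; it parses those lines and flags what to look at first. The sample lines are copied from the log above except for the one exefile line marked as constructed; the function names are mine, and the checks are heuristics, not verdicts: Dropbox legitimately lives under AppData, so a flag means "hash it and check it", not "malicious".

```powershell
# Added example, not part of the thread and not OTL's own code: parse the Shell Spawning and
# firewall exception lines of an OTL Extras log and flag what a reviewer should look at first.
# Sample lines are copied from the log above, except the "example-hijack" line, which is
# constructed to show what a hijacked handler looks like. PowerShell 2.0 or later.
# For a real log: Get-OtlFindings -Lines (Get-Content .\Extras.txt)

$SampleLog = @'
exefile [open] -- "%1" %*
batfile [open] -- "%1" %*
scrfile [open] -- "%1" /S
helpfile [open] -- Reg Error: Key error.
exefile [open] -- "C:\ProgramData\example-hijack.exe" "%1" %*
"{341CDB56-E942-4529-8EA0-7684890AC199}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"{D3051B4B-B8E4-4C5F-AC3F-98BCFA7915AF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"TCP Query User{A3EC7B0B-F3E2-4BCE-B077-2B2C4DC4819F}C:\users\user\appdata\local\temp\lmi87b7.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\temp\lmi87b7.tmp\lmi_rescue.exe |
"{DDD5AB6B-6AA1-49A2-9D6C-37FF7EBC5A55}" = protocol=6 | dir=out | app=system |
'@

# Windows 7 defaults for the executable file classes, as shown in the log above. A hijacked
# handler reads "<some path>\something.exe" "%1" %* so that every program starts the malware first.
$ExpectedOpen = @{
    exefile = '"%1" %*'; batfile = '"%1" %*'; cmdfile = '"%1" %*'
    comfile = '"%1" %*'; piffile = '"%1" %*'; scrfile = '"%1" /S'
}

function Test-ShellSpawnLine {
    param([string]$Line)
    # Finding for an executable class whose [open] command is not the default, else $null.
    if ($Line -notmatch '^(?<class>\w+) \[open\] -- (?<cmd>.*)$') { return $null }
    $class = $Matches.class; $cmd = $Matches.cmd.Trim()
    if (-not $ExpectedOpen.ContainsKey($class)) { return $null }
    if ($cmd -eq $ExpectedOpen[$class]) { return $null }
    New-Object PSObject -Property @{ Kind = 'ShellSpawn'; Item = $class; Detail = $cmd; Reason = 'open handler differs from the Windows default' }
}

function ConvertFrom-OtlFirewallRule {
    param([string]$Line)
    # One FirewallRules value of the form "name" = k=v | k=v | ... ; returns a hashtable or $null.
    if ($Line -notmatch '^"(?<name>[^"]+)"\s*=\s*(?<body>.*)$') { return $null }
    $rule = @{ RuleName = $Matches.name; lport = $null; rport = $null; protocol = $null; dir = $null; app = $null; svc = $null }
    foreach ($field in ($Matches.body -split '\|')) {
        if ($field.Trim() -match '^(?<k>\w+)=(?<v>.*)$') { $rule[$Matches.k] = $Matches.v.Trim() }
    }
    return $rule
}

function Test-FirewallRuleLine {
    param([string]$Line)
    # Only inbound allow rules for a program open a listener; outbound and svc-only rules are skipped.
    $r = ConvertFrom-OtlFirewallRule $Line
    if (-not $r -or $r.dir -ne 'in' -or -not $r.app) { return $null }
    $reasons = @()
    if ($r.app -match '\\appdata\\|\\temp\\') { $reasons += 'program in a user-writable folder' }
    if ($r.RuleName -match '^(TCP|UDP) Query User') { $reasons += 'created by clicking Allow on the firewall prompt' }
    if ($reasons.Count -eq 0) { return $null }
    New-Object PSObject -Property @{ Kind = 'Firewall'; Item = $r.RuleName; Detail = $r.app; Reason = ($reasons -join '; ') }
}

function Get-OtlFindings {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $f = Test-ShellSpawnLine $line
        if (-not $f) { $f = Test-FirewallRuleLine $line }
        if ($f) { $f }
    }
}

Get-OtlFindings -Lines ($SampleLog -split "`r?`n") | Format-Table Kind, Item, Reason, Detail -AutoSize -Wrap
```

On the sample this reports the constructed exefile line as a changed handler, Dropbox and lmi_rescue.exe as inbound rules for programs under AppData, and lmi_rescue.exe a second time as a prompt-created rule; groove.exe and the outbound "system" rule are not reported. The log posted above shows every executable class at its default, so on that machine the Shell Spawning section is clean and the firewall rules are the part worth a closer look.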

Solved Re: Malware: winrscmde/Trojan.agent/Trojan:DOS/Alurean.A

Post by rlslagle on Sun 02 Sep 2012, 8:56 am


"{EB2B899D-282B-4B53-B18A-250561D8FD68}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{EB791DE0-A1F0-48C2-9127-177A0E9A8B55}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{EE98740A-00B9-4B58-81B7-F5AF26FD319E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EF1D87CE-1377-4C47-89EC-057BDCD9AE17}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{F15FF339-CA1A-4591-AB95-BEA84938B19B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F5435B10-1E0D-48E5-BF0E-7A11B241F932}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe |
"{F5C9593C-F86E-420D-BBE8-B4AB7451D3AD}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{FB1BF02F-E304-4B42-88C8-9E9FA664964F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FB36512E-3FBD-444D-B4C3-9F8223F76ADC}" = protocol=6 | dir=in | app=c:\program files (x86)\searchresultstb\dtuser.exe |
"{FCD97045-29F0-4A06-B5EC-04CB3E9D04F6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FDE5D099-3CE5-4F7D-A90B-F777495C8E49}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"TCP Query User{9D723DCE-8350-44F6-A4A4-DE2023490832}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{A3EC7B0B-F3E2-4BCE-B077-2B2C4DC4819F}C:\users\user\appdata\local\temp\lmi87b7.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\temp\lmi87b7.tmp\lmi_rescue.exe |
"TCP Query User{E9A019A9-F998-4CC6-91A9-63B5A990B3A1}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{0E298E5C-2339-4414-B210-007CCB13842D}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{4A6CB6F7-D895-4213-9FD1-B84B1735FC9B}C:\users\user\appdata\local\temp\lmi87b7.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\temp\lmi87b7.tmp\lmi_rescue.exe |
"UDP Query User{F8F85B71-2A72-413B-ABB7-328500393EFA}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"EPSON WorkForce 840 Series" = EPSON WorkForce 840 Series Printer Uninstall
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"sp6" = Logitech SetPoint 6.32
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{089EC7B5-6480-4478-ACF0-DEFD4047343C}" = Epson Event Manager
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{19991EAD-C273-47EB-87E8-0D274925230B}" = OEB Resource Driver
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1EE7343D-BBE3-4A8B-8E62-B81683BCAB8E}" = BE Downloadable Edition
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{459E93B6-150E-45d5-8D4B-45C66FC035FE}" = getPlus(R) Download Manager for Corel
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}" = SPSS Statistics Student Version 17.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5F81DD84-6A2F-11D4-903E-00E0293397B7}" = Bible Data Type System Files
"{5F81DD89-6A2F-11D4-903E-00E0293397B7}" = Common System Files
"{5F81DD92-6A2F-11D4-903E-00E0293397B7}" = Libronix Digital Library System
"{5F81DD97-6A2F-11D4-903E-00E0293397B7}" = Libronix DLS Application
"{5F81DD9B-6A2F-11D4-903E-00E0293397B7}" = LibronixUpdate
"{5F81DD9F-6A2F-11D4-903E-00E0293397B7}" = LLS Resource Driver
"{5F81DDA3-6A2F-11D4-903E-00E0293397B7}" = PDF Resource Driver
"{62AD5F7F-9CFC-4523-AF83-C58F02836635}" = Geek Squad 24 Hour Computer Support
"{64A7418C-6BD4-48BE-A2E3-CAEC3BCD9E81}" = HP User Guides 0156
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{6CED860A-F301-45D1-907B-B342F274FC28}" = SPSS Inc. Data Access Pack 5.3 for Windows
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72CB5335-6D2A-4207-B811-6CB6C6925039}" = Batch Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{783E0AD7-C128-4398-9F74-99D3EFF2875D}" = Deep Space Nine The Fallen
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B7044AE-6D1F-456D-B2BA-28BFFFAF3F71}" = Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80AAD9DF-7E64-40D2-80D2-BECA41593EEB}" = AMT Media Manager
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA7699FA-B2D2-43F4-8A70-D497D03C9485}_is1" = OpenLP 2.0
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BF0F5955-FC76-4F85-A13D-C9A8A9A5E067}" = iLumina Bible
"{C1A0A3F9-C302-4A18-A2E0-71C927D24652}" = Epson Easy Photo Print 2
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Activate Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"{CA0AF735-4583-413E-897F-E91A237EE2E1}" = Libronix DLS Shortcuts
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC351B44-5610-43C5-81E6-A2C760CB0A20}" = Graphical Query Editor
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE626616-D7C4-4F00-7E0B-EAF26FA65749}" = muvee Reveal
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5BA0430-919F-46DD-B656-0796F8A5ADFF}" = Microsoft Office Communicator 2007
"{E6C82F8F-2031-4825-8CC3-98C5960875C1}" = Epson CreativeZone
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}" = Palm Desktop by ACCESS
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Age of Empires" = Microsoft Age of Empires
"Age of Empires Expansion 1.0" = Microsoft Age of Empires Expansion
"AIM_7" = AIM 7
"Amazon Kindle" = Amazon Kindle
"AnswerWorks" = AnswerWorks Runtime
"Audacity_is1" = Audacity 1.2.6
"BE Downloadable Edition" = BE Downloadable Edition
"BFGC" = Big Fish Games: Game Manager
"BFG-Totem Tribe" = Totem Tribe
"DivX Setup" = DivX Setup
"EEPPPlugIn" = Epson Easy Photo Print Plug-in for Windows Live Photo Gallery

rlslagle

Rookie Surfer

Posts : 80
Joined : 2009-06-03
Operating System : Windows 7


Solved Re: Malware: winrscmde/Trojan.agent/Trojan:DOS/Alurean.A

Post by rlslagle on Sun 02 Sep 2012, 8:57 am


"ENTERPRISER" = Microsoft Office Enterprise 2007
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"exent_553850" = Elven Mists
"exent_610150" = World Mosaics
"exent_616550" = Build-a-lot 3: Passport to Europe
"exent_636150" = Smash Frenzy 4
"exent_644150" = World Mosaics 2
"exent_706250" = Roads of Rome
"exent_719050" = World Mosaics 4
"exent_720450" = Jack Of All Tribes
"exent_748750" = My Farm Life 2
"exent_749450" = Slingo Quest: Amazon
"GenoPro" = GenoPro 2.5.3.7
"Homepage Protection" = Homepage Protection
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Libronix DLS" = Libronix Digital Library System
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP3 Rocket" = MP3 Rocket
"NIS" = Norton Internet Security
"NST" = Norton Safe Web Lite
"Opera 11.61.1250" = Opera 11.61
"Photobie" = Photobie -- photo editing software from Photobie Design
"PhotoScape" = PhotoScape
"RealPlayer 12.0" = RealPlayer
"RealPlayer 15.0" = RealPlayer
"searchresultstb" = Search-Results Toolbar
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"TurboTax 2009" = TurboTax 2009
"WhiteSmoke" = WhiteSmoke
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/26/2012 10:26:40 PM | Computer Name = user-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 2/27/2012 2:13:33 AM | Computer Name = user-PC | Source = Application on Demand - WorldMosaics4 | ID = 0
Description =

Error - 2/27/2012 7:52:13 PM | Computer Name = user-PC | Source = Application on Demand - WorldMosaics4 | ID = 0
Description =

Error - 2/29/2012 10:02:31 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 3/1/2012 12:44:41 PM | Computer Name = user-PC | Source = Application on Demand - WorldMosaics4 | ID = 0
Description =

Error - 3/1/2012 3:28:06 PM | Computer Name = user-PC | Source = Application on Demand - WorldMosaics4 | ID = 0
Description =

Error - 3/1/2012 7:21:08 PM | Computer Name = user-PC | Source = Application on Demand - WorldMosaics4 | ID = 0
Description =

Error - 3/1/2012 10:42:09 PM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/1/2012 10:42:10 PM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12049033

Error - 3/1/2012 10:42:10 PM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12049033

[ Hewlett-Packard Events ]
Error - 10/13/2010 8:06:51 PM | Computer Name = user-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs
e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs
routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,
RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


Error - 1/10/2011 9:31:31 AM | Computer Name = user-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011110083128.xml
File not created by asset agent

Error - 10/3/2011 2:23:29 PM | Computer Name = user-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\101103022305.xml
File not created by asset agent

Error - 12/12/2011 6:21:31 PM | Computer Name = user-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\121112052113.xml
File not created by asset agent

Error - 12/29/2011 5:21:14 PM | Computer Name = user-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\121129042110.xml
File not created by asset agent

Error - 1/9/2012 3:18:19 PM | Computer Name = user-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011209021802.xml
File not created by asset agent

Error - 6/11/2012 9:19:32 PM | Computer Name = user-PC | Source = hpsa_service.exe | ID = 2000
Description =

Error - 6/11/2012 9:19:39 PM | Computer Name = user-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 7/23/2012 7:21:55 PM | Computer Name = user-PC | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0] Message: The server did not provide a meaningful
reply; this might be caused by a contract mismatch, a premature session shutdown
or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()

at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 3999 Ram Utilization: 50 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
System.Runtime.Remoting.Messaging.IMessage)

Error - 7/23/2012 7:21:55 PM | Computer Name = user-PC | Source = HPSF.exe | ID = 4000
Description =

[ Media Center Events ]
Error - 6/25/2011 7:53:56 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 7:53:49 AM - Error connecting to the internet. 7:53:49 AM - Unable
to contact server..

Error - 6/25/2011 8:54:01 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 8:54:01 AM - Error connecting to the internet. 8:54:01 AM - Unable
to contact server..

Error - 6/25/2011 8:54:08 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 8:54:06 AM - Error connecting to the internet. 8:54:06 AM - Unable
to contact server..

Error - 6/25/2011 9:54:23 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 9:54:23 AM - Error connecting to the internet. 9:54:23 AM - Unable
to contact server..

Error - 6/25/2011 9:54:31 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 9:54:29 AM - Error connecting to the internet. 9:54:29 AM - Unable
to contact server..

Error - 7/24/2011 1:54:52 PM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 1:54:51 PM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 7/30/2011 8:06:45 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 8:06:45 AM - Error connecting to the internet. 8:06:45 AM - Unable
to contact server..

Error - 7/30/2011 10:49:07 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 8:06:50 AM - Error connecting to the internet. 8:06:50 AM - Unable
to contact server..

Error - 8/5/2011 11:55:56 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 11:55:53 AM - Error connecting to the internet. 11:55:53 AM - Unable
to contact server..

Error - 8/5/2011 12:56:02 PM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 12:56:00 PM - Error connecting to the internet. 12:56:00 PM - Unable
to contact server..

[ System Events ]
Error - 8/29/2012 10:42:08 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The Security Center service failed to start due to the following error:
%%1069

Error - 8/29/2012 10:44:50 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the HP
Software Framework Service service to connect.

Error - 8/29/2012 10:44:52 PM | Computer Name = user-PC | Source = DCOM | ID = 10005
Description =

Error - 8/29/2012 10:44:51 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The HP Software Framework Service service failed to start due to the
following error: %%1053

Error - 8/30/2012 7:26:24 PM | Computer Name = user-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:18:07 PM on ?8/?30/?2012 was unexpected.

Error - 8/30/2012 7:26:42 PM | Computer Name = USER-PC | Source = BugCheck | ID = 1001
Description =

Error - 8/31/2012 4:28:28 PM | Computer Name = user-PC | Source = bowser | ID = 8003
Description =

Error - 8/31/2012 6:32:17 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Wlansvc service.

Error - 9/1/2012 1:44:13 AM | Computer Name = user-PC | Source = DCOM | ID = 10005
Description =

Error - 9/1/2012 1:44:13 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%109


< End of report >

rlslagle

Rookie Surfer

Posts : 80
Joined : 2009-06-03
Operating System : Windows 7


Solved Re: Malware: winrscmde/Trojan.agent/Trojan:DOS/Alurean.A

Post by rlslagle on Sun 02 Sep 2012, 8:57 am

I just saw your instructions. I will follow them shortly. Thank you.

rlslagle

Rookie Surfer

Posts : 80
Joined : 2009-06-03
Operating System : Windows 7

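
Added example (not from this thread, from FRST's author or from Malwarebytes): the FRST scan posted next lists, under "One Month Created Files and Folders", an entry for C:\Windows\svchost.exe that was created on 2012-09-01 yet carries a 2009 modification time and a Microsoft company name. A genuine svchost.exe lives under System32 (or SysWOW64 / WinSxS), never in the Windows root, so a small parser over that listing can surface such lines before a human reads hundreds of them. The script below parses only the line format visible in the posted log; the list of core binaries, the allowed directories and the 30-day gap threshold are this example's own assumptions, and the sample input is built from lines in the posted log.

```python
"""Triage helper for FRST's "One Month Created Files and Folders" listing.

Added example for this thread; not part of FRST, Malwarebytes or the
original posts. Parses only the line format visible in the posted log.
"""
import re
from datetime import datetime, timedelta
from typing import Optional

# One FRST entry: "<created> - <modified> - <size> <attrs> [(<company>)] <path>"
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>\S{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>.+)$"
)

# Assumption: core Windows binaries that only belong under these directories.
# (explorer.exe is deliberately absent: it legitimately lives in C:\Windows.)
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                   "services.exe", "smss.exe", "wininit.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\",
               "c:\\windows\\winsxs\\")
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
# Assumption: a created time this far after the modified time marks a file
# that was copied or dropped recently while keeping an old timestamp.
DROP_GAP = timedelta(days=30)


def parse_frst_line(line: str) -> Optional[dict]:
    """Return the fields of one FRST created-files line, or None if it is not one."""
    m = FRST_LINE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    entry["created"] = datetime.strptime(entry["created"], "%Y-%m-%d %H:%M")
    entry["modified"] = datetime.strptime(entry["modified"], "%Y-%m-%d %H:%M")
    entry["size"] = int(entry["size"])
    entry["is_dir"] = entry["attrs"].endswith("D")
    return entry


def review_entry(entry: dict) -> list:
    """Return the reasons (if any) this entry deserves a closer look."""
    reasons = []
    if entry["is_dir"]:
        return reasons
    path = entry["path"].lower()
    name = path.rsplit("\\", 1)[-1]
    # A core system binary outside its home directory is the strong signal.
    if name in SYSTEM_BINARIES and not path.startswith(SYSTEM_DIRS):
        reasons.append("HIGH: %s outside System32/SysWOW64/WinSxS" % name)
    # An executable created long after its own modification time was copied
    # or dropped with an old timestamp; noisy on its own (see note below).
    if name.endswith(EXECUTABLE_EXT):
        gap = entry["created"] - entry["modified"]
        if gap > DROP_GAP:
            reasons.append("LOW: created %d days after its modification time"
                           " (recently copied or dropped file)" % gap.days)
    return reasons


def review_frst(text: str) -> list:
    """Scan a block of FRST output; return [(path, [reasons...]), ...] in log order."""
    findings = []
    for line in text.splitlines():
        entry = parse_frst_line(line)
        if entry is None:
            continue
        reasons = review_entry(entry)
        if reasons:
            findings.append((entry["path"], reasons))
    return findings


# Sample input: lines taken from the FRST log posted in this thread.
SAMPLE_LOG = """\
2012-09-01 18:13 - 2012-09-01 18:14 - 00000000 ____D C:\\FRST
2012-09-01 13:10 - 2012-09-01 13:10 - 00007831 ____A C:\\AdwCleaner[R1].txt
2012-09-01 07:27 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\\Windows\\svchost.exe
2012-08-29 06:36 - 2011-03-31 15:29 - 00066856 ____A C:\\Windows\\SysWOW64\\SynTPEnhPS.dll
2012-08-24 15:12 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\\Windows\\System32\\localspl.dll
"""

if __name__ == "__main__":
    for path, reasons in review_frst(SAMPLE_LOG):
        print(path)
        for reason in reasons:
            print("   ", reason)
```

Only the HIGH rule is actionable by itself. The LOW rule also fires on legitimate Windows Update and vendor installer drops (the localspl.dll and Synaptics DLL lines from the same log are examples), so it is a triage hint, not a verdict. The company name FRST prints in parentheses is not a signature check either; before acting on a flagged file, confirm on the live system with Get-AuthenticodeSignature or sigcheck.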

Solved Re: Malware: winrscmde/Trojan.agent/Trojan:DOS/Alurean.A

Post by rlslagle on Sun 02 Sep 2012, 9:31 am

FRST.txt
Scan result of Farbar Recovery Scan Tool Version: 01-09-2012 01
Ran by SYSTEM at 01-09-2012 18:14:07
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [495104 2009-07-14] (Conexant Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [171520 2009-08-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM-x32\...\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe" [468264 2009-06-23] (CyberLink Corp.)
HKLM-x32\...\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [218408 2009-02-17] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-08-10] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [976832 2009-12-17] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [847872 2009-12-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot [296056 2011-12-18] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
HKLM-x32\...\Run: [AMTDeviceService] "C:\Program Files (x86)\AMT Media Manager\AMTDeviceService.exe" [184320 2009-01-21] ()
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-10-25] (Hewlett-Packard)
HKU\Default\...\Policies\system: [WallpaperStyle] 2
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-10-25] (Hewlett-Packard)
HKU\Default User\...\Policies\system: [WallpaperStyle] 2
HKU\user\...\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup [1774080 2010-07-18] (Exent Technologies Ltd.)
HKU\user\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /c [307768 2009-05-14] ()
HKU\user\...\Run: [WorkForce 840(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGMA.EXE /FU "C:\Windows\TEMP\E_S77C9.tmp" /EF "HKCU" [224768 2010-01-11] (SEIKO EPSON CORPORATION)
HKU\user\...\Run: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-04] (Google Inc.)
HKU\user\...\Policies\system: [WallpaperStyle] 2
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.3.1
Startup: C:\Users\user\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ======

2 ABBYY.Licensing.FineReader.Sprint.9.0; "C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe" -service [759048 2009-05-14] (ABBYY)
3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [44576 2010-02-01] (NOS Microsystems Ltd.)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 McciCMService64; "C:\Program Files\Common Files\Motive\McciCMService.exe" [441344 2011-06-13] (Alcatel-Lucent)
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [53248 2011-03-29] (NOS Microsystems Ltd.)
2 NSL; "C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe" /s "NSL" /m "C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\diMaster.dll" /prefetch:1 [303544 2011-10-11] (Symantec Corporation)
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-01-21] ()
3 Symantec RemoteAssist; "C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe" [394704 2008-01-29] (Symantec, Inc.)

==================== Drivers (Whitelisted) ===================

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120823.007\BHDrvx64.sys [1161376 2012-06-18] (Symantec Corporation)
3 BthAvrcp; C:\Windows\System32\Drivers\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)
1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys [167048 2011-08-08] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-25] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-09] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120831.001\IDSvia64.sys [512672 2012-08-24] (Symantec Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120831.032\ENG64.SYS [125600 2012-08-31] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120831.032\EX64.SYS [2084000 2012-08-31] (Symantec Corporation)
3 SRTSP; C:\Windows\System32\Drivers\NISx64\1308000.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NISx64\1308000.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NISx64\1308000.00E\SYMDS64.SYS [451192 2011-08-15] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-03-25] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [190072 2012-04-17] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [405624 2012-04-17] (Symantec Corporation)
2 X5XS64Ex; \??\C:\Program Files (x86)\Free Ride Games\X5XS64Ex.Sys [51744 2009-08-19] (Exent Technologies Ltd.)
2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [55328 2010-03-10] (Exent Technologies Ltd.)
4 eabfiltr; [x]
3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) =================


==================== One Month Created Files and Folders ======================

2012-09-01 18:13 - 2012-09-01 18:14 - 00000000 ____D C:\FRST
2012-09-01 13:10 - 2012-09-01 13:10 - 00007831 ____A C:\AdwCleaner[R1].txt
2012-09-01 07:27 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-09-01 00:29 - 2012-09-01 05:04 - 00000000 ____D C:\Users\user\Desktop\Malware Removal
2012-08-30 15:26 - 2012-08-30 15:26 - 00277576 ____A C:\Windows\Minidump\083012-53679-01.dmp
2012-08-29 18:40 - 2012-08-29 18:40 - 00000000 ____D C:\Program Files\Synaptics
2012-08-29 18:01 - 2012-08-29 18:01 - 00000000 ____D C:\Users\All Users\Mozilla
2012-08-29 18:01 - 2012-08-29 18:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-08-29 17:50 - 2012-08-29 17:50 - 00000000 ____D C:\Users\user\AppData\Local\Macromedia
2012-08-29 16:05 - 2012-08-29 16:05 - 29441168 ____A (Amazon.com) C:\Users\user\Downloads\KindleForPC-installer.exe
2012-08-29 07:06 - 2012-08-29 07:07 - 00277576 ____A C:\Windows\Minidump\082912-32557-01.dmp
2012-08-29 06:56 - 2012-08-29 06:56 - 00277576 ____A C:\Windows\Minidump\082912-32136-01.dmp
2012-08-29 06:50 - 2012-08-29 06:51 - 00277576 ____A C:\Windows\Minidump\082912-39515-01.dmp
2012-08-29 06:43 - 2012-08-29 06:44 - 00277576 ____A C:\Windows\Minidump\082912-35334-01.dmp
2012-08-29 06:40 - 2012-08-29 06:40 - 00000000 ____D C:\Users\user\AppData\Roaming\Synaptics
2012-08-29 06:36 - 2011-03-31 15:29 - 00066856 ____A C:\Windows\SysWOW64\SynTPEnhPS.dll
2012-08-29 06:34 - 2012-08-29 06:34 - 00000000 ____D C:\Users\All Users\Synaptics
2012-08-29 06:34 - 2012-08-29 06:34 - 00000000 ____D C:\Program Files (x86)\Synaptics
2012-08-29 06:29 - 2012-08-29 06:29 - 00277520 ____A C:\Windows\Minidump\082912-32401-01.dmp
2012-08-29 06:22 - 2012-08-29 07:11 - 00001302 ____A C:\Windows\SynInst.log
2012-08-28 17:06 - 2012-08-28 17:08 - 56456488 ____A (Synaptics Incorporated) C:\Users\user\Downloads\Synaptics_v15_2_20_C_XP64_Vista64_Win7-64_Signed_Marketing_SGS94_UI-Scrybe.exe
2012-08-27 14:34 - 2012-08-27 14:34 - 00277576 ____A C:\Windows\Minidump\082712-30279-01.dmp
2012-08-27 14:30 - 2012-08-27 14:31 - 00277576 ____A C:\Windows\Minidump\082712-40217-01.dmp
2012-08-24 15:12 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-24 14:56 - 2012-08-24 14:56 - 00277496 ____A C:\Windows\Minidump\082412-32198-01.dmp
2012-08-22 17:20 - 2012-08-22 17:20 - 00000000 ____D C:\Users\user\AppData\Roaming\DivoGames
2012-08-22 09:21 - 2012-08-22 09:21 - 00000000 ____D C:\Users\All Users\Windows Genuine Advantage
2012-08-21 16:14 - 2012-08-21 16:45 - 02690537 ____A C:\Users\user\Desktop\rlslagle.zip
2012-08-21 16:11 - 2012-08-21 16:15 - 12285323 ____A C:\EventSys.txt
2012-08-21 16:06 - 2012-08-21 16:15 - 00000000 ____D C:\Users\user\Desktop\Seven Forums
2012-08-21 16:03 - 2012-08-21 16:03 - 00162816 ____A C:\Users\user\Desktop\SF Diagnostic Tool.exe
2012-08-21 15:59 - 2012-08-29 07:23 - 00000000 ____D C:\Users\user\Desktop\MiniDump
2012-08-21 13:14 - 2012-08-21 13:14 - 00277576 ____A C:\Windows\Minidump\082112-34289-01.dmp
2012-08-21 09:21 - 2012-08-21 09:21 - 00277576 ____A C:\Windows\Minidump\082112-58453-01.dmp
2012-08-21 04:44 - 2012-07-06 12:07 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2012-08-21 04:40 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-21 04:40 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-21 04:40 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-21 04:40 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-21 04:40 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-21 04:40 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-21 04:40 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-21 04:40 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-21 04:40 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-21 04:40 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-21 04:40 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-21 04:40 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-21 04:40 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-21 04:40 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-21 04:40 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-21 04:40 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-21 04:40 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-21 04:40 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-21 04:40 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-21 04:40 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-21 04:40 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-21 04:40 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-21 04:40 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-21 04:40 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-21 04:40 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-21 04:40 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-21 04:40 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-21 04:40 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-21 04:36 - 2012-08-21 04:36 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-08-20 18:41 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-20 18:41 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-08-20 18:41 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-08-20 18:41 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-08-20 18:41 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-08-20 18:41 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-08-20 18:41 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-08-20 18:41 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2012-08-20 17:44 - 2012-08-20 17:44 - 00277576 ____A C:\Windows\Minidump\082012-33009-01.dmp
2012-08-17 12:39 - 2012-08-17 12:39 - 00277576 ____A C:\Windows\Minidump\081712-64709-01.dmp
2012-08-17 12:35 - 2012-08-17 12:35 - 00277520 ____A C:\Windows\Minidump\081712-63726-01.dmp
2012-08-15 09:43 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-15 09:43 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-08-15 09:43 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-08-15 09:43 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-08-11 05:22 - 2012-08-20 17:38 - 00000000 ____D C:\Users\user\AppData\Roaming\Realore_Whiterra Roads Of Rome
2012-08-11 05:19 - 2012-08-15 08:21 - 00001975 ____A C:\Users\user\Desktop\Play Roads of Rome.lnk
2012-08-09 19:13 - 2012-08-09 19:14 - 00000000 ____D C:\Users\user\Documents\Coun711
2012-08-09 11:16 - 2012-09-01 13:44 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-08 09:43 - 2009-09-04 13:44 - 00517960 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
2012-08-08 09:43 - 2009-09-04 13:44 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2012-08-08 09:43 - 2009-09-04 13:44 - 00176968 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
2012-08-08 09:43 - 2009-09-04 13:44 - 00073544 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
2012-08-08 09:43 - 2009-09-04 13:29 - 05554512 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
2012-08-08 09:43 - 2009-09-04 13:29 - 05501792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2012-08-08 09:43 - 2009-09-04 13:29 - 02582888 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
2012-08-08 09:43 - 2009-09-04 13:29 - 02475352 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll
2012-08-08 09:43 - 2009-09-04 13:29 - 01974616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2012-08-08 09:43 - 2009-09-04 13:29 - 01892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2012-08-08 09:43 - 2009-09-04 13:29 - 00285024 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
2012-08-08 09:43 - 2009-09-04 13:29 - 00235344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2012-08-08 09:43 - 2009-03-16 10:18 - 00521560 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll
2012-08-08 09:43 - 2009-03-16 10:18 - 00517448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2012-08-08 09:43 - 2009-03-16 10:18 - 00235352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2012-08-08 09:43 - 2009-03-16 10:18 - 00174936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll
2012-08-08 09:43 - 2009-03-16 10:18 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll
2012-08-08 09:43 - 2009-03-16 10:18 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2012-08-08 09:43 - 2009-03-09 11:27 - 05425496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll
2012-08-08 09:43 - 2009-03-09 11:27 - 04178264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2012-08-08 09:43 - 2009-03-09 11:27 - 02430312 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_41.dll
2012-08-08 09:43 - 2009-03-09 11:27 - 00520544 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll
2012-08-08 09:43 - 2008-10-27 06:04 - 00518480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
2012-08-08 09:43 - 2008-10-27 06:04 - 00514384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2012-08-08 09:43 - 2008-10-27 06:04 - 00235856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2012-08-08 09:43 - 2008-10-27 06:04 - 00175440 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
2012-08-08 09:43 - 2008-10-27 06:04 - 00074576 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
2012-08-08 09:43 - 2008-10-27 06:04 - 00070992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2012-08-08 09:43 - 2008-10-27 06:04 - 00025936 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
2012-08-08 09:43 - 2008-10-27 06:04 - 00023376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2012-08-08 09:43 - 2008-10-15 02:22 - 05631312 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
2012-08-08 09:43 - 2008-10-15 02:22 - 04379984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2012-08-08 09:43 - 2008-10-15 02:22 - 02605920 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
2012-08-08 09:43 - 2008-10-15 02:22 - 02036576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2012-08-08 09:43 - 2008-10-15 02:22 - 00519000 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
2012-08-08 09:43 - 2008-10-15 02:22 - 00452440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2012-08-08 09:43 - 2008-07-31 06:41 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2012-08-08 09:43 - 2008-07-31 06:41 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll
2012-08-08 09:43 - 2008-07-31 06:41 - 00072200 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll
2012-08-08 09:43 - 2008-07-31 06:41 - 00068616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2012-08-08 09:43 - 2008-07-31 06:40 - 00513544 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll
2012-08-08 09:43 - 2008-07-31 06:40 - 00509448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2012-08-08 09:43 - 2008-07-10 07:01 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2012-08-08 09:43 - 2008-07-10 07:00 - 04992520 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll
2012-08-08 09:43 - 2008-07-10 07:00 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2012-08-08 09:43 - 2008-07-10 07:00 - 01942552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll
2012-08-08 09:43 - 2008-07-10 07:00 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2012-08-08 09:43 - 2008-07-10 07:00 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll
2012-08-08 09:43 - 2008-05-30 10:19 - 00511496 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_1.dll
2012-08-08 09:43 - 2008-05-30 10:19 - 00507400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2012-08-08 09:43 - 2008-05-30 10:18 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2012-08-08 09:43 - 2008-05-30 10:18 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_1.dll
2012-08-08 09:43 - 2008-05-30 10:17 - 00068104 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_0.dll
2012-08-08 09:43 - 2008-05-30 10:17 - 00065032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2012-08-08 09:43 - 2008-05-30 10:17 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2012-08-08 09:43 - 2008-05-30 10:16 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_4.dll
2012-08-08 09:43 - 2008-05-30 10:11 - 04991496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_38.dll
2012-08-08 09:43 - 2008-05-30 10:11 - 03850760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2012-08-08 09:43 - 2008-05-30 10:11 - 01941528 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_38.dll
2012-08-08 09:43 - 2008-05-30 10:11 - 01491992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2012-08-08 09:43 - 2008-05-30 10:11 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_38.dll
2012-08-08 09:43 - 2008-05-30 10:11 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2012-08-08 09:43 - 2008-03-05 12:04 - 00489480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_0.dll
2012-08-08 09:43 - 2008-03-05 12:03 - 00479752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2012-08-08 09:43 - 2008-03-05 12:03 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2012-08-08 09:43 - 2008-03-05 12:03 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_0.dll
2012-08-08 09:43 - 2008-03-05 12:00 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_3.dll
2012-08-08 09:43 - 2008-03-05 12:00 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2012-08-08 09:43 - 2008-03-05 11:56 - 04910088 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_37.dll
2012-08-08 09:43 - 2008-03-05 11:56 - 03786760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2012-08-08 09:43 - 2008-03-05 11:56 - 01860120 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_37.dll
2012-08-08 09:43 - 2008-03-05 11:56 - 01420824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2012-08-08 09:43 - 2008-02-05 19:07 - 00529424 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_37.dll
2012-08-08 09:43 - 2008-02-05 19:07 - 00462864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2012-08-08 09:43 - 2007-10-21 23:40 - 00411656 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_10.dll
2012-08-08 09:43 - 2007-10-21 23:39 - 00267272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2012-08-08 09:43 - 2007-10-21 23:37 - 00021000 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_2.dll
2012-08-08 09:43 - 2007-10-21 23:37 - 00017928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2012-08-08 09:43 - 2007-10-12 11:14 - 05081608 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_36.dll
2012-08-08 09:43 - 2007-10-12 11:14 - 03734536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2012-08-08 09:43 - 2007-10-12 11:14 - 02006552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_36.dll
2012-08-08 09:43 - 2007-10-12 11:14 - 01374232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2012-08-08 09:43 - 2007-10-02 05:56 - 00508264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_36.dll
2012-08-08 09:43 - 2007-10-02 05:56 - 00444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2012-08-08 09:43 - 2007-07-19 20:57 - 00411496 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_9.dll
2012-08-08 09:43 - 2007-07-19 20:57 - 00267112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2012-08-08 09:43 - 2007-07-19 14:14 - 05073256 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_35.dll
2012-08-08 09:43 - 2007-07-19 14:14 - 03727720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2012-08-08 09:43 - 2007-07-19 14:14 - 01985904 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_35.dll
2012-08-08 09:43 - 2007-07-19 14:14 - 01358192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2012-08-08 09:43 - 2007-07-19 14:14 - 00508264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_35.dll
2012-08-08 09:43 - 2007-07-19 14:14 - 00444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2012-08-08 09:43 - 2007-06-20 16:49 - 00409960 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_8.dll
2012-08-08 09:43 - 2007-06-20 16:46 - 00266088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2012-08-08 09:43 - 2007-05-16 12:45 - 04496232 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_34.dll
2012-08-08 09:43 - 2007-05-16 12:45 - 03497832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2012-08-08 09:43 - 2007-05-16 12:45 - 01401200 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_34.dll
2012-08-08 09:43 - 2007-05-16 12:45 - 01124720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2012-08-08 09:43 - 2007-05-16 12:45 - 00506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_34.dll
2012-08-08 09:43 - 2007-05-16 12:45 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2012-08-08 09:43 - 2007-04-04 14:55 - 00403304 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_7.dll
2012-08-08 09:43 - 2007-04-04 14:55 - 00261480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2012-08-08 09:43 - 2007-04-04 14:54 - 00107368 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_3.dll
2012-08-08 09:43 - 2007-04-04 14:53 - 00081768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2012-08-08 09:43 - 2007-03-15 12:57 - 00506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_33.dll
2012-08-08 09:43 - 2007-03-15 12:57 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2012-08-08 09:43 - 2007-03-12 12:42 - 04494184 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_33.dll
2012-08-08 09:43 - 2007-03-12 12:42 - 03495784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2012-08-08 09:43 - 2007-03-12 12:42 - 01400176 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_33.dll
2012-08-08 09:43 - 2007-03-12 12:42 - 01123696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2012-08-08 09:43 - 2007-03-05 08:42 - 00017688 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_1.dll
2012-08-08 09:43 - 2007-03-05 08:42 - 00015128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2012-08-08 09:43 - 2007-01-24 11:27 - 00393576 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_6.dll
2012-08-08 09:43 - 2007-01-24 11:27 - 00255848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2012-08-08 09:43 - 2006-12-08 08:02 - 00251672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2012-08-08 09:43 - 2006-12-08 08:00 - 00390424 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_5.dll
2012-08-08 09:43 - 2006-11-29 09:06 - 00469264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10.dll
2012-08-08 09:43 - 2006-11-29 09:06 - 00440080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2012-08-08 09:43 - 2006-09-28 12:05 - 03977496 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_31.dll
2012-08-08 09:43 - 2006-09-28 12:05 - 02414360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2012-08-08 09:43 - 2006-09-28 12:05 - 00237848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2012-08-08 09:43 - 2006-09-28 12:04 - 00364824 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_4.dll
2012-08-08 09:43 - 2006-07-28 05:31 - 00083736 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_2.dll
2012-08-08 09:43 - 2006-07-28 05:30 - 00363288 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_3.dll
2012-08-08 09:43 - 2006-07-28 05:30 - 00236824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2012-08-08 09:43 - 2006-07-28 05:30 - 00062744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2012-08-08 09:42 - 2006-05-31 03:24 - 00230168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2012-08-08 09:42 - 2006-05-31 03:22 - 00354072 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_2.dll
2012-08-08 09:42 - 2006-03-31 08:41 - 03927248 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_30.dll
2012-08-08 09:42 - 2006-03-31 08:40 - 02388176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2012-08-08 09:42 - 2006-03-31 08:40 - 00352464 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_1.dll
2012-08-08 09:42 - 2006-03-31 08:39 - 00229584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2012-08-08 09:42 - 2006-03-31 08:39 - 00083664 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_1.dll
2012-08-08 09:42 - 2006-03-31 08:39 - 00062672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2012-08-08 09:42 - 2006-02-03 04:43 - 03830992 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_29.dll
2012-08-08 09:42 - 2006-02-03 04:43 - 02332368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2012-08-08 09:42 - 2006-02-03 04:42 - 00355536 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_0.dll
2012-08-08 09:42 - 2006-02-03 04:42 - 00230096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2012-08-08 09:42 - 2006-02-03 04:41 - 00016592 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_0.dll
2012-08-08 09:42 - 2006-02-03 04:41 - 00014032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2012-08-08 09:42 - 2005-12-05 14:09 - 03815120 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_28.dll
2012-08-08 09:42 - 2005-12-05 14:09 - 02323664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2012-08-08 09:42 - 2005-07-22 15:59 - 03807440 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_27.dll
2012-08-08 09:42 - 2005-07-22 15:59 - 02319568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2012-08-08 09:42 - 2005-05-26 11:34 - 03767504 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_26.dll
2012-08-08 09:42 - 2005-05-26 11:34 - 02297552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2012-08-08 09:42 - 2005-03-18 13:19 - 03823312 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_25.dll
2012-08-08 09:42 - 2005-03-18 13:19 - 02337488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2012-08-08 09:42 - 2005-02-05 15:45 - 03544272 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_24.dll
2012-08-08 09:42 - 2005-02-05 15:45 - 02222800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2012-08-08 09:40 - 2012-08-08 09:40 - 00000000 ____D C:\Users\Public\Games
2012-08-05 19:12 - 2012-08-09 11:06 - 00000000 ____D C:\Users\user\AppData\Local\PMB Files
2012-08-05 19:12 - 2012-08-08 08:42 - 00000000 ____D C:\Users\All Users\PMB Files
2012-08-05 19:12 - 2012-08-05 19:12 - 00000000 ____D C:\Program Files (x86)\Pando Networks

==================== 3 Months Modified Files ================================

2012-09-01 14:10 - 2009-10-09 04:27 - 01307437 ____A C:\Windows\WindowsUpdate.log
2012-09-01 14:04 - 2009-07-13 21:13 - 00730448 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-01 13:44 - 2012-08-09 11:16 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-01 13:18 - 2011-07-31 10:50 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1065976732-3380650705-1327980494-1000UA.job
2012-09-01 13:17 - 2010-10-02 14:03 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-01 13:10 - 2012-09-01 13:10 - 00007831 ____A C:\AdwCleaner[R1].txt
2012-09-01 07:35 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-01 07:35 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-01 07:28 - 2009-10-09 04:45 - 00000290 ____A C:\Users\All Users\hpqp.ini
2012-09-01 07:26 - 2010-10-02 14:03 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-01 07:26 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-01 07:26 - 2009-07-13 20:51 - 00112584 ____A C:\Windows\setupact.log
2012-09-01 05:05 - 2012-05-19 10:02 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-31 21:57 - 2011-07-31 10:50 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1065976732-3380650705-1327980494-1000Core.job
2012-08-30 15:26 - 2012-08-30 15:26 - 00277576 ____A C:\Windows\Minidump\083012-53679-01.dmp
2012-08-30 15:26 - 2010-05-25 04:35 - 592347175 ____A C:\Windows\MEMORY.DMP
2012-08-29 16:06 - 2012-04-03 06:58 - 00001998 ____A C:\Users\user\Desktop\Kindle.lnk
2012-08-29 16:05 - 2012-08-29 16:05 - 29441168 ____A (Amazon.com) C:\Users\user\Downloads\KindleForPC-installer.exe
2012-08-29 07:11 - 2012-08-29 06:22 - 00001302 ____A C:\Windows\SynInst.log
2012-08-29 07:07 - 2012-08-29 07:06 - 00277576 ____A C:\Windows\Minidump\082912-32557-01.dmp
2012-08-29 06:56 - 2012-08-29 06:56 - 00277576 ____A C:\Windows\Minidump\082912-32136-01.dmp
2012-08-29 06:51 - 2012-08-29 06:50 - 00277576 ____A C:\Windows\Minidump\082912-39515-01.dmp
2012-08-29 06:44 - 2012-08-29 06:43 - 00277576 ____A C:\Windows\Minidump\082912-35334-01.dmp
2012-08-29 06:39 - 2009-10-09 04:24 - 00008946 ____A C:\Windows\DPINST.LOG
2012-08-29 06:29 - 2012-08-29 06:29 - 00277520 ____A C:\Windows\Minidump\082912-32401-01.dmp
2012-08-28 17:08 - 2012-08-28 17:06 - 56456488 ____A (Synaptics Incorporated) C:\Users\user\Downloads\Synaptics_v15_2_20_C_XP64_Vista64_Win7-64_Signed_Marketing_SGS94_UI-Scrybe.exe
2012-08-27 15:10 - 2009-12-04 15:31 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-08-27 14:34 - 2012-08-27 14:34 - 00277576 ____A C:\Windows\Minidump\082712-30279-01.dmp
2012-08-27 14:31 - 2012-08-27 14:30 - 00277576 ____A C:\Windows\Minidump\082712-40217-01.dmp
2012-08-26 08:39 - 2010-01-07 17:57 - 00000064 ____A C:\Windows\GPlrLanc.dat
2012-08-24 14:56 - 2012-08-24 14:56 - 00277496 ____A C:\Windows\Minidump\082412-32198-01.dmp
2012-08-21 16:45 - 2012-08-21 16:14 - 02690537 ____A C:\Users\user\Desktop\rlslagle.zip
2012-08-21 16:15 - 2012-08-21 16:11 - 12285323 ____A C:\EventSys.txt
2012-08-21 16:03 - 2012-08-21 16:03 - 00162816 ____A C:\Users\user\Desktop\SF Diagnostic Tool.exe
2012-08-21 15:58 - 2011-07-31 10:53 - 00002447 ____A C:\Users\user\Desktop\Google Chrome.lnk
2012-08-21 13:14 - 2012-08-21 13:14 - 00277576 ____A C:\Windows\Minidump\082112-34289-01.dmp
2012-08-21 09:21 - 2012-08-21 09:21 - 00277576 ____A C:\Windows\Minidump\082112-58453-01.dmp
2012-08-21 09:17 - 2009-07-13 20:45 - 00547992 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-21 04:36 - 2012-08-21 04:36 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-08-21 02:33 - 2009-11-12 01:28 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-20 18:17 - 2009-11-22 20:17 - 00002501 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk
2012-08-20 17:44 - 2012-08-20 17:44 - 00277576 ____A C:\Windows\Minidump\082012-33009-01.dmp
2012-08-17 12:39 - 2012-08-17 12:39 - 00277576 ____A C:\Windows\Minidump\081712-64709-01.dmp
2012-08-17 12:35 - 2012-08-17 12:35 - 00277520 ____A C:\Windows\Minidump\081712-63726-01.dmp
2012-08-15 08:21 - 2012-08-11 05:19 - 00001975 ____A C:\Users\user\Desktop\Play Roads of Rome.lnk
2012-08-15 07:48 - 2012-02-06 16:14 - 00000328 ____A C:\Windows\Tasks\HPCeeScheduleForuser.job
2012-08-15 07:47 - 2009-11-12 18:27 - 00273122 ____A C:\Windows\PFRO.log
2012-08-15 06:44 - 2012-04-17 16:34 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-15 06:44 - 2011-06-20 05:46 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-08 09:43 - 2009-10-09 04:55 - 00042015 ____A C:\Windows\DirectX.log
2012-08-07 11:42 - 2012-06-09 11:59 - 00001948 ____A C:\Users\user\Desktop\Play Elven Mists.lnk
2012-07-26 13:32 - 2012-06-22 17:07 - 00002029 ____A C:\Users\user\Desktop\Play Slingo Quest Amazon.lnk
2012-07-23 15:34 - 2012-02-06 16:12 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2012-07-21 09:01 - 2012-07-14 17:38 - 00001984 ____A C:\Users\user\Desktop\Play My Farm Life 2.lnk
2012-07-18 10:15 - 2012-08-20 18:41 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-12 03:42 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-07-09 05:55 - 2012-07-09 05:55 - 00001497 ____A C:\Users\user\Desktop\Liberty University Network - Production.lnk
2012-07-06 12:07 - 2012-08-21 04:44 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2012-07-05 14:07 - 2009-11-23 19:15 - 00000021 ____A C:\Users\All Users\hpqp.txt
2012-07-04 14:16 - 2012-08-15 09:43 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:13 - 2012-08-20 18:41 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 14:13 - 2012-08-15 09:43 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 13:16 - 2012-08-20 18:41 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:14 - 2012-08-20 18:41 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-07-03 09:46 - 2012-05-19 10:01 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-28 20:55 - 2012-08-21 04:40 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 20:09 - 2012-08-21 04:40 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 19:56 - 2012-08-21 04:40 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 19:49 - 2012-08-21 04:40 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 19:49 - 2012-08-21 04:40 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 19:48 - 2012-08-21 04:40 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 19:47 - 2012-08-21 04:40 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 19:45 - 2012-08-21 04:40 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 19:44 - 2012-08-21 04:40 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 19:43 - 2012-08-21 04:40 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 19:42 - 2012-08-21 04:40 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 19:40 - 2012-08-21 04:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 19:39 - 2012-08-21 04:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 19:35 - 2012-08-21 04:40 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 16:52 - 2012-08-21 04:40 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-28 16:27 - 2012-08-21 04:40 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-28 16:16 - 2012-08-21 04:40 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-28 16:09 - 2012-08-21 04:40 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-28 16:09 - 2012-08-21 04:40 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-28 16:08 - 2012-08-21 04:40 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-28 16:07 - 2012-08-21 04:40 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-28 16:06 - 2012-08-21 04:40 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-28 16:04 - 2012-08-21 04:40 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-28 16:04 - 2012-08-21 04:40 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-28 16:01 - 2012-08-21 04:40 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-28 16:01 - 2012-08-21 04:40 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-28 16:00 - 2012-08-21 04:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-28 15:57 - 2012-08-21 04:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-26 17:06 - 2012-05-22 21:07 - 00011718 ____A C:\Users\user\Documents\happy.xlsx
2012-06-26 05:18 - 2012-06-11 18:24 - 00010667 ____A C:\Users\user\Documents\Military Units.xlsx
2012-06-21 17:47 - 2012-06-21 17:47 - 00002009 ____A C:\Users\Public\Desktop\Logitech Vid HD.lnk
2012-06-17 15:16 - 2012-06-17 15:16 - 00001994 ____A C:\Users\user\Desktop\MP3 Rocket 6.2 (2).lnk
2012-06-17 13:07 - 2012-06-17 13:07 - 00001994 ____A C:\Users\user\Desktop\MP3 Rocket 6.2.lnk
2012-06-14 18:25 - 2012-04-12 08:03 - 00001013 ____A C:\Users\user\Desktop\Dropbox.lnk
2012-06-10 13:05 - 2011-04-18 16:13 - 00860160 __ASH C:\Users\user\Documents\Thumbs.db
2012-06-08 21:43 - 2012-07-11 03:37 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-11 03:37 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-06 16:59 - 2012-06-06 16:59 - 01070152 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2012-06-05 22:06 - 2012-07-11 03:37 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-11 03:37 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-11 03:37 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-11 03:37 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-11 03:37 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-11 03:37 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll


ZeroAccess:
C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}
C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\L
C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U

ZeroAccess:
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{708e671f-3545-2915-06c0-6082039c15b2}
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{708e671f-3545-2915-06c0-6082039c15b2}\L
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{708e671f-3545-2915-06c0-6082039c15b2}\U

ATTENTION: ========> If the partition table is not disinfected yet it should be done. FixBoot might render the system unbootable and MbrFix has no effect:
C:\Windows\svchost.exe

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-21 02:33:06
Restore point made on: 2012-08-22 02:28:23
Restore point made on: 2012-08-25 03:02:25
Restore point made on: 2012-08-26 08:37:37
Restore point made on: 2012-08-26 08:39:24
Restore point made on: 2012-08-29 07:18:51
Restore point made on: 2012-09-01 00:37:12

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 3999.19 MB
Available physical RAM: 3264.82 MB
Total Pagefile: 3997.34 MB
Available Pagefile: 3263.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions ============================

1 Drive c: () (Fixed) (Total:220.82 GB) (Free:82.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:11.87 GB) (Free:2 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: (USBFLASH) (Removable) (Total:0.24 GB) (Free:0.13 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 244 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 220 GB 200 MB
Partition 3 Primary 11 GB 221 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 220 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 11 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 244 MB 49 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G USBFLASH FAT Removable 244 MB Healthy

==================================================================================

Last Boot: 2012-08-15 18:22

==================== End Of Log =============================

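The two findings FRST flags in the log above (a {GUID} folder with "L" and "U" children under C:\Windows\Installer and under the systemprofile AppData\Local folder, and a svchost.exe sitting directly in C:\Windows rather than in System32 or SysWOW64) can be re-checked without the tool. The following is an added example, not code from the thread or from FRST: it builds a constructed directory tree in a temporary folder that mimics the Windows layout and runs both checks against it. The GUID is the one from the log; the rest of the tree, including the placeholder file contents, is constructed for the example and nothing here touches a real system volume.

```python
"""Added example (not from the thread or from FRST): two of the triage checks whose
results appear in the FRST log, reimplemented in plain Python and run against a
constructed directory tree instead of a live Windows installation."""
import re
import tempfile
from pathlib import Path

# A Windows Installer / AppData folder named like a GUID, e.g. {708e671f-...-6082039c15b2}.
GUID_DIR = re.compile(
    r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.I)

# The two parent locations FRST listed under "ZeroAccess:" in the log above.
ZEROACCESS_PARENTS = [
    Path("Windows") / "Installer",
    Path("Windows") / "SysWOW64" / "config" / "systemprofile" / "AppData" / "Local",
]

# Directories from which a genuine svchost.exe runs on a 64-bit Windows 7 install.
LEGIT_SVCHOST_DIRS = {Path("Windows") / "System32", Path("Windows") / "SysWOW64"}


def find_zeroaccess_dirs(root: Path) -> list:
    """Return {GUID} folders under the known parents that contain both an 'L' and a
    'U' subfolder, which is the layout FRST reports as 'ZeroAccess:'."""
    hits = []
    for parent in ZEROACCESS_PARENTS:
        base = root / parent
        if not base.is_dir():
            continue
        for entry in base.iterdir():
            if (entry.is_dir() and GUID_DIR.match(entry.name)
                    and (entry / "L").is_dir() and (entry / "U").is_dir()):
                hits.append(str(entry.relative_to(root)))
    return sorted(hits)


def find_misplaced_svchost(root: Path) -> list:
    """Return every svchost.exe whose directory is not one of the legitimate ones.
    The rogue copy in this thread lived directly in C:\\Windows."""
    out = []
    for p in root.rglob("svchost.exe"):
        if p.parent.relative_to(root) not in LEGIT_SVCHOST_DIRS:
            out.append(str(p.relative_to(root)))
    return sorted(out)


def build_sample_tree() -> Path:
    """Constructed sample tree: two legitimate svchost copies, one rogue copy, the
    {GUID}\\L and {GUID}\\U pairs in both locations, plus a bare {GUID} folder
    (a normal MSI cache entry, no L/U children) as a control."""
    root = Path(tempfile.mkdtemp(prefix="frst_demo_"))
    guid = "{708e671f-3545-2915-06c0-6082039c15b2}"  # GUID taken from the log above
    for parent in ZEROACCESS_PARENTS:
        for sub in ("L", "U"):
            (root / parent / guid / sub).mkdir(parents=True)
    # Control: constructed GUID, no L/U children, must not be reported.
    (root / "Windows" / "Installer" / "{11111111-2222-3333-4444-555555555555}").mkdir()
    for legit in LEGIT_SVCHOST_DIRS:
        (root / legit).mkdir(parents=True, exist_ok=True)
        (root / legit / "svchost.exe").write_bytes(b"MZ legit placeholder")
    # The rogue location from the thread: C:\Windows\svchost.exe.
    (root / "Windows" / "svchost.exe").write_bytes(b"MZ rogue placeholder")
    return root


def triage(root: Path) -> dict:
    """Run both checks and return their findings keyed by indicator name."""
    return {"zeroaccess": find_zeroaccess_dirs(root),
            "svchost": find_misplaced_svchost(root)}


if __name__ == "__main__":
    for name, findings in triage(build_sample_tree()).items():
        print(name, findings)
```

Pointing `triage()` at a mounted offline image (for example a volume mounted under the recovery environment, with `root` set to its mount point) is the real use; the constructed tree only shows that the control folder is ignored while both GUID pairs and the stray svchost.exe are reported.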

Solved Re: Malware: winrscmde/Trojan.agent/Trojan:DOS/Alurean.A

Post by rlslagle on Sun 02 Sep 2012, 9:32 am

Search.txt
Farbar Recovery Scan Tool Version: 01-09-2012 01
Ran by SYSTEM at 2012-09-01 18:16:59
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

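Search.txt above is how the helper confirms that services.exe has not been replaced: the live copy in System32 is compared with the servicing-store copy in winsxs, and the two should agree on size and MD5 (as they do here). As an added example, not part of the thread or of FRST, the following parses that Search.txt format and performs the comparison. The first sample is the output posted above; the second is a constructed variant in which the System32 entry has a different size and a placeholder hash, to show what a patched file would look like to the check.

```python
"""Added example (not from the thread or from FRST): a parser for the FRST
Search.txt format and the System32-versus-winsxs consistency check a helper
performs by eye when reading it."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Detail line: [created] - [modified] - size attrs (company) MD5
ENTRY_RE = re.compile(
    r"^\[(?P<created>[\d-]+ [\d:]+)\] - \[(?P<modified>[\d-]+ [\d:]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+)(?: \((?P<company>[^)]*)\))? (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class FileRecord:
    path: str
    created: str
    modified: str
    size: int
    attrs: str
    company: Optional[str]
    md5: str


def parse_search(text: str) -> List[FileRecord]:
    """Each hit is a path line immediately followed by a bracketed detail line."""
    records = []
    lines = [ln.rstrip() for ln in text.splitlines()]
    for i in range(len(lines) - 1):
        path, detail = lines[i], lines[i + 1]
        m = ENTRY_RE.match(detail)
        if path and not path.startswith(("=", "[")) and m:
            records.append(FileRecord(
                path=path, created=m["created"], modified=m["modified"],
                size=int(m["size"]), attrs=m["attrs"], company=m["company"],
                md5=m["md5"].upper()))
    return records


def compare_with_winsxs(records: List[FileRecord]) -> Tuple[bool, List[str]]:
    """The System32 copy is the one Windows runs; the winsxs copies are the servicing
    store's reference. A live copy whose size/MD5 matches no store copy, or whose
    company string is not Microsoft's, is how a patched services.exe shows up."""
    live = [r for r in records if "\\system32\\" in r.path.lower()]
    store = [r for r in records if "\\winsxs\\" in r.path.lower()]
    if not live or not store:
        return False, ["need one System32 copy and at least one winsxs copy"]
    reasons = []
    for r in live:
        if not any(s.md5 == r.md5 and s.size == r.size for s in store):
            reasons.append(f"{r.path}: size={r.size} md5={r.md5} matches no winsxs copy")
        if (r.company or "") != "Microsoft Corporation":
            reasons.append(f"{r.path}: unexpected company string {r.company!r}")
    return not reasons, reasons


# Sample 1: the Search.txt posted in the thread (verbatim).
CLEAN_SEARCH = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
"""

# Sample 2: constructed. The System32 entry's size, modified time and all-zero MD5
# are placeholders invented for the example, not values from any real sample.
TAMPERED_SEARCH = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2012-08-30 02:11] - 0329216 ____A (Microsoft Corporation) 00000000000000000000000000000000

====== End Of Search ======
"""

if __name__ == "__main__":
    for label, sample in (("posted log", CLEAN_SEARCH), ("constructed", TAMPERED_SEARCH)):
        ok, why = compare_with_winsxs(parse_search(sample))
        print(label, "consistent" if ok else "MISMATCH", why)
```

The check deliberately compares against every winsxs copy rather than the first one, because a machine that has taken a servicing update can carry more than one version in the store and only the current one should match.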

Solved Re: Malware: winrscmde/Trojan.agent/Trojan:DOS/Alurean.A

Post by DragonMaster Jay on Mon 03 Sep 2012, 9:31 am

We'll try to get you back to Normal Mode here.

FRST64 Fixlist

Please run the following:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flashdrive as fixlist.txt.

start
C:\Windows\svchost.exe
C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{708e671f-3545-2915-06c0-6082039c15b2}
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now, please enter System Recovery Options then select Command Prompt.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Solved Re: Malware: winrscmde/Trojan.agent/Trojan:DOS/Alurean.A

Post by rlslagle on Tue 04 Sep 2012, 12:36 am

Computer booted really quickly. Nice.

I ran Malwarebytes Anti-Malware. It is still giving the following:
Trojan.Agent File c:\windows\svchost.exe
Trojan.Agent Memory Process c:\windows\svchost.ext 5620

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 01-09-2012 01
Ran by SYSTEM at 2012-09-03 08:46:03 Run:1
Running from G:\

==============================================

C:\Windows\svchost.exe moved successfully.
C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2} moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{708e671f-3545-2915-06c0-6082039c15b2} moved successfully.

==== End of Fixlog ====


Solved Re: Malware: winrscmde/Trojan.agent/Trojan:DOS/Alurean.A

Post by rlslagle on Tue 04 Sep 2012, 12:45 am

The computer is also still showing high cpu usage by winrscmde.


Solved Re: Malware: winrscmde/Trojan.agent/Trojan:DOS/Alurean.A

Post by DragonMaster Jay on Tue 04 Sep 2012, 7:23 am

That's fine. Let's continue...

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, right-click on the program, select Run as Administrator to start, and when prompted, allow it to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.



------------------------

Click the Start Scan button.



-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.





--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
Sometimes these logs can be very large; in that case, please attach it, or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.



Solved Re: Malware: winrscmde/Trojan.agent/Trojan:DOS/Alurean.A

Post by rlslagle on Tue 04 Sep 2012, 11:36 am

I ended up with two TDSSKiller log files. I have zipped them and attached them.


Solved Re: Malware: winrscmde/Trojan.agent/Trojan:DOS/Alurean.A

Post by DragonMaster Jay on Tue 04 Sep 2012, 7:04 pm

Excellent work!

Please download aswMBR from here


  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below




Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.


  • Once the scan finishes click Save log to save the log to your Desktop


  • Copy and paste the contents of aswMBR.txt back here for review



Solved Re: Malware: winrscmde/Trojan.agent/Trojan:DOS/Alurean.A

Post by rlslagle on Tue 04 Sep 2012, 11:37 pm

Here goes.



Solved Re: Malware: winrscmde/Trojan.agent/Trojan:DOS/Alurean.A

Post by DragonMaster Jay on Wed 05 Sep 2012, 7:20 pm

Next log from TDSSKiller please.



Solved Re: Malware: winrscmde/Trojan.agent/Trojan:DOS/Alurean.A

Post by rlslagle on Thu 06 Sep 2012, 4:31 am

TDSS Log zip file


Solved Re: Malware: winrscmde/Trojan.agent/Trojan:DOS/Alurean.A

Post by DragonMaster Jay on Thu 06 Sep 2012, 9:24 pm

We may have to work in the Recovery Environment if this doesn't work...

Please download Hitman Pro by Surfright from here and save it to your desktop.
  • Double click HitmanPro36.exe to run the scanner
  • Click Next
  • Accept the license conditions and click Next
  • Choose to do only a single scan. Do not enter any e-mail address and click Next
  • Hitman Pro will now scan your computer
  • After the scan, choose to ignore all threats - I want to have a look first, before deciding what to do
  • Click Next
  • You will now find an option to export the results of the scan to an XML file (log.xml). Please do so. Close Hitman Pro.
  • Please copy and paste the contents of log.xml into your next reply (You can open XML files with notepad)



Solved Re: Malware: winrscmde/Trojan.agent/Trojan:DOS/Alurean.A

Post by rlslagle on Fri 07 Sep 2012, 8:43 am

It only came up with tracking cookies. No threats. When I clicked NEXT, it deleted the tracking cookies. Log is posted below.

Code:

HitmanPro 3.6.1.164
www.hitmanpro.com

  Computer name . . . . : USER-PC
  Windows . . . . . . . : 6.1.1.7601.X64/2
  User name . . . . . . : user-PC\user
  UAC . . . . . . . . . : Disabled
  License . . . . . . . : Free

  Scan date . . . . . . : 2012-09-06 17:31:15
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 9m 21s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : No

  Threats . . . . . . . : 0
  Traces  . . . . . . . : 139

  Objects scanned . . . : 2,055,609
  Files scanned . . . . : 91,633
  Remnants scanned  . . : 668,203 files / 1,295,773 keys

Cookies _____________________________________________________________________

  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.wsod.com
  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies:adbrite.com
  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies:adinterax.com
  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.bridgetrack.com
  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.lycos.com
  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.lzjl.com
  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pointroll.com
  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.undertone.com
  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.adtechus.com
  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies:adviva.net
  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies:apmebf.com
  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com
  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies:c.atdmt.com
  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies:citi.bridgetrack.com
  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies:clicksor.com
  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies:collective-media.net
  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies:fastclick.net
  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies:googleads.g.doubleclick.net
  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies:interclick.com
  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com
  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies:kontera.com
  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com
  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com
  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies:mm.chitika.net
  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies:pointroll.com
  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies:questionmarket.com
  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies:specificclick.net
  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies:yieldmanager.net
  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies:zedo.com
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\02UFQNEJ.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\04AH2UTM.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\04MKSI2J.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\04Z6FUEK.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\0H0OICUG.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\0KNL2RHS.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\17214AX5.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\2XG7X0HP.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\3AN91589.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\3CA62A86.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\3T1337LX.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\44JE4VLA.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\4SE63KNT.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\4Y5BVXE0.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\51VZH8WN.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\53AQ1QD5.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\58DI2IXQ.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\5D9LCY6O.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\79IGX62T.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\7CKH4QXK.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\7CS8U9QF.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\83BYGM4T.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\8OTNCQ54.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\9LBST4LA.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\9O3MY79U.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\A4EZZ1Z5.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\B4EGMC8M.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\C02XJ2J7.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\C1XREQTM.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\CBC9QBK7.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\DA3FYRGY.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\EGAYE9MQ.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\ELO04NXA.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\F6OLEX2I.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\FVRJV4OR.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\G5L8WGCQ.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\GA703PIJ.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\GBUAN5VV.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\GGEIXG1Z.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\GGKUCBYR.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\GGLAXOKQ.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\GO06QQ7U.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\HWQUQPF1.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\I2JB4K7M.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\IC02W8S4.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\IFVKK977.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\K75MJGVR.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\KAK4NBX8.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\KWQH3W71.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\L3NI17JY.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\NWKO15DC.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\NY94682I.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\OPM6H2BC.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\OT5QNEAV.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\OVY1OLD0.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\PUBG8S1V.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\RETKD4KD.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\RGD99UAX.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\RJW8I7KN.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\RM5E7SX7.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\S77SLTB0.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\SUAXA630.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\T0CHT0MK.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\TCD37ZWP.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\U3UVHKFY.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\U9L8JU0Z.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\UID4X11Z.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\VBK6U86B.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\VEI21VTJ.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\VG3DDHCW.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\W4VNR100.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\WEY4F60V.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\WEYAPLZR.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\XQ96YJWE.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Y9VQ6D2S.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\YAEHVKVS.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\YCKC2ZN0.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\YLRQ74GL.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\ZRWXJTJX.txt
  C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\ZZYEXCT3.txt
  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\14vvhgwh.default\cookies.sqlite:ad.vuiads.org
  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\14vvhgwh.default\cookies.sqlite:ad.wsod.com
  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\14vvhgwh.default\cookies.sqlite:adinterax.com
  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\14vvhgwh.default\cookies.sqlite:ads.lzjl.com
  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\14vvhgwh.default\cookies.sqlite:adtechus.com
  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\14vvhgwh.default\cookies.sqlite:apmebf.com
  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\14vvhgwh.default\cookies.sqlite:clicksor.com
  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\14vvhgwh.default\cookies.sqlite:collective-media.net
  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\14vvhgwh.default\cookies.sqlite:crossexamine.com
  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\14vvhgwh.default\cookies.sqlite:doubleclick.net
  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\14vvhgwh.default\cookies.sqlite:eas.apm.emediate.eu
  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\14vvhgwh.default\cookies.sqlite:emjcd.com
  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\14vvhgwh.default\cookies.sqlite:in.getclicky.com
  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\14vvhgwh.default\cookies.sqlite:interclick.com
  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\14vvhgwh.default\cookies.sqlite:invitemedia.com
  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\14vvhgwh.default\cookies.sqlite:mediaplex.com
  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\14vvhgwh.default\cookies.sqlite:mm.chitika.net
  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\14vvhgwh.default\cookies.sqlite:pluckit.demandmedia.com
  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\14vvhgwh.default\cookies.sqlite:pointroll.com
  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\14vvhgwh.default\cookies.sqlite:static.freewebs.getclicky.com
  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\14vvhgwh.default\cookies.sqlite:stats.paypal.com
  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\14vvhgwh.default\cookies.sqlite:www.emjcd.com




Solved Re: Malware: winrscmde/Trojan.agent/Trojan:DOS/Alurean.A

Post by DragonMaster Jay on Sat 08 Sep 2012, 5:37 am

Please find the file MBR.dat on your Desktop and upload it here.



Solved Re: Malware: winrscmde/Trojan.agent/Trojan:DOS/Alurean.A

Post by rlslagle on Sat 08 Sep 2012, 7:29 am

The discussion board said it was the wrong file type and would not allow me to upload the mbr.dat file, so I had to zip it to upload it.


Solved Re: Malware: winrscmde/Trojan.agent/Trojan:DOS/Alurean.A

Post by DragonMaster Jay on Sun 09 Sep 2012, 9:10 pm

That's fine.

The MBR is verified clean!

How is the computer running overall?

Post by rlslagle on Mon 10 Sep 2012, 3:08 am

Overall, the computer seems to be operating pretty well. Fast boot-up, and it seems the winrscdme process that was keeping the CPU at high usage is taken care of.

The only issue I've seen over the last couple of days is that the touchpad seems to have a mind of its own. It is like it is trying to take control of the computer, opening and closing things at random, highlighting text and moving it, and such.

I had to use the touchpad button on the computer to turn the touchpad off just to be able to type this.

I haven't run Malwarebytes Anti-Malware to see if it finds anything.

Post by DragonMaster Jay on Tue 11 Sep 2012, 2:16 am

The touchpad problem might just be a driver problem. Reinstalling the driver should help to resolve things.

Post by rlslagle on Thu 13 Sep 2012, 11:51 am

That seems to have taken care of it.
Thank you for all your help.
rlslagle