Tojan Agents on Computer

View previous topic View next topic Go down

Solved Tojan Agents on Computer

Post by Tiggy on Sat Dec 29, 2012 12:56 pm

My Windows Security Essentials suddenly shut down and restarted my computer the other night because it said it had detected a threat. When it rebooted it said I was infected with Trojan:DOS/Alureon.A and that I had to download Windows Defender Offline onto a flash drive or CD to properly remove it. After booting up with a CD with the Windows Defender Offline tool it appeared to remove it because after the proper reboot Windows Security Essentials didn't find anything. I ran Super Antispyware and it found 7 files of Trofjan.Agent/Gen-Kazy. After Rebooting from that scan both scans found nothing so I ran Malwarebytes and it found two things that I can not get rid of and now the Windows security essentials is finding the Alureon.A again as well. Here is a copy of the original MBAM log I just did this morning:

Malwarebytes Anti-Malware 1.70.0.1100
[You must be registered and logged in to see this link.]

Database version: v2012.12.29.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mike :: MIKES-I7 [administrator]

12/29/2012 7:40:56 AM
MBAM-log-2012-12-29 (07-41-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226212
Time elapsed: 31 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 5444 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)


And here is the OTL.txt log:


OTL logfile created on: 12/29/2012 7:32:18 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mike\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 66.80% Memory free
11.98 Gb Paging File | 9.75 Gb Available in Paging File | 81.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 93.06 Gb Total Space | 43.13 Gb Free Space | 46.34% Space Free | Partition Type: NTFS
Drive D: | 596.17 Gb Total Space | 445.64 Gb Free Space | 74.75% Space Free | Partition Type: NTFS
Drive E: | 574.94 Mb Total Space | 257.98 Mb Free Space | 44.87% Space Free | Partition Type: UDF

Computer Name: MIKES-I7 | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/29 04:11:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.com
PRC - [2012/12/17 18:33:41 | 000,308,368 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/12/16 02:01:18 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/03 10:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/11/30 22:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/07/25 19:32:17 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/02/08 15:21:58 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2010/02/08 15:21:28 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2010/01/22 11:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/08/28 06:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012/12/16 20:17:08 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2012/03/26 17:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 17:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/05/06 04:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/02/23 11:28:24 | 000,566,192 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxcfcoms.exe -- (lxcf_device)
SRV - [2012/12/20 16:50:30 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/03 10:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/11/30 22:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/07/25 19:32:17 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/10/10 18:41:46 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/10/10 18:41:16 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/10/10 18:40:55 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/08 15:21:28 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/08/28 06:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/02/23 11:27:50 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxcfcoms.exe -- (lxcf_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/07/03 10:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/20 19:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/03 15:40:34 | 001,335,408 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010/04/07 03:04:00 | 000,290,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2010/03/18 04:00:16 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/03/18 04:00:00 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010/02/08 15:12:02 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/01/22 11:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/01/22 11:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/12/25 02:05:40 | 000,297,512 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2009/11/23 16:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 16:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/16 06:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/12/29 07:28:16 | 000,035,664 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D7C5C382-7E1D-4394-86F6-224F2914578C}\MpKsl53618608.sys -- (MpKsl53618608)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {E5C1DCDC-9854-43A3-AE74-1EF1C011E2B4}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{E5C1DCDC-9854-43A3-AE74-1EF1C011E2B4}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)



O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [LXCFCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXCFtime.DLL ()
O4:64bit: - HKLM..\Run: [MSC] "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [Steam] D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smile Desktop.lnk = C:\Program Files (x86)\Webshots\Smile Desktop\Smile.exe (Webshots)
O4 - Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots Daily Features.lnk = File not found
O4 - Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WebshotsWidget.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA4915E7-8BB2-4F0C-9632-7ABC8957ECFE}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8eea7b11-c34a-11df-ab69-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8eea7b11-c34a-11df-ab69-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\ASSETUP.exe
O33 - MountPoints2\{b80a83ab-c335-11df-be50-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b80a83ab-c335-11df-be50-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -auto
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

Tiggy
Intermediate
Intermediate

Status :
Online
Offline

Posts : 67
Joined : 2009-01-13
OS : Windows 7 64bit

View user profile

Back to top Go down

Solved Re: Tojan Agents on Computer

Post by Tiggy on Sat Dec 29, 2012 12:57 pm

SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {0062EC00-D85A-AD6E-714E-3F7F6E87DC6B} - Microsoft Windows Media Player
ActiveX: {166E1D1B-53DC-C65F-22E5-9BB51E83A462} - Themes Setup
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2EE9925F-FA2D-EB2B-EC61-B4A4220795DC} - Browser Customizations
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.TMB0 - tmbvcm64.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.TMB0 - C:\Windows\SysWow64\tmbvcm32.dll ()
Drivers32: VIDC.X264 - C:\Windows\SysWow64\x264vfw.dll ()


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/12/29 07:25:57 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
[2012/12/29 04:11:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.com
[2012/12/29 00:48:05 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware
[2012/12/28 20:44:08 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Programs
[2012/12/21 21:10:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Darkfall Unholy Wars
[2012/12/18 22:22:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2012/12/18 22:21:11 | 001,472,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2012/12/18 22:21:11 | 000,189,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012/12/18 22:21:11 | 000,031,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012/12/18 22:21:10 | 026,811,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012/12/18 22:21:10 | 020,335,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012/12/18 22:21:10 | 012,603,960 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012/12/18 22:21:10 | 009,271,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012/12/18 22:21:10 | 006,149,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2012/12/18 22:21:10 | 001,805,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012/12/18 22:21:10 | 001,504,104 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll
[2012/12/18 22:21:09 | 025,256,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012/12/18 22:21:09 | 018,045,968 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012/12/18 22:21:09 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012/12/18 22:21:09 | 015,122,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012/12/18 22:21:09 | 007,819,016 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012/12/18 22:21:09 | 007,446,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2012/12/18 22:21:09 | 002,784,104 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012/12/18 22:21:09 | 002,606,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012/12/18 22:21:09 | 002,496,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012/12/18 22:21:09 | 002,226,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012/12/18 22:21:09 | 001,874,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012/12/18 22:21:09 | 000,983,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2012/12/18 22:21:09 | 000,841,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012/12/18 22:21:09 | 000,245,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012/12/18 22:21:09 | 000,201,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012/12/16 09:55:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Darkfall Unholy Wars
[2012/12/16 02:01:18 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/12/16 02:01:18 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/12/05 23:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/12/05 23:39:49 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012/12/05 23:39:49 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012/12/05 23:35:53 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/12/05 23:35:53 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/12/05 23:35:52 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/12/05 23:35:52 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/12/05 23:35:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/12/05 23:35:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/12/05 23:35:52 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/12/05 23:35:52 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/12/05 23:35:51 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/12/05 23:35:51 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/12/05 23:35:51 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/12/05 23:35:51 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/12/05 23:35:50 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/12/05 23:35:50 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/12/05 23:35:50 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/12/05 23:34:47 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012/12/05 23:34:46 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012/12/05 23:34:46 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012/12/05 23:34:46 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012/12/05 23:33:07 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/12/05 23:33:07 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/12/05 23:32:36 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/12/05 23:32:36 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/12/05 23:32:36 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/12/05 23:32:36 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/12/05 23:32:36 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/12/05 23:32:36 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/12/05 23:32:36 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/12/05 23:32:36 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/12/05 23:32:35 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/12/05 23:32:35 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/12/05 23:32:35 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/12/05 23:32:35 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/12/05 23:32:35 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/12/05 23:32:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/05 23:32:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/05 23:32:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/05 23:32:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/05 23:32:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/12/05 23:32:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/12/05 23:32:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/12/05 23:32:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/05 23:32:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/05 23:32:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/05 23:32:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/12/05 23:32:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/12/05 23:32:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/05 23:32:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/05 23:32:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/12/05 23:32:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/05 23:32:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/12/05 23:32:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/05 23:32:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/12/05 23:32:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/12/05 23:32:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/12/05 23:32:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/12/05 23:32:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/05 23:32:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/05 23:32:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/05 23:32:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/05 23:32:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/12/05 23:32:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/12/05 23:32:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/05 23:32:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/05 23:32:34 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/12/05 23:32:34 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/12/05 23:32:34 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/12/05 23:32:34 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/05 23:32:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/05 23:32:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/05 23:32:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/12/05 23:32:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/12/05 23:32:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/05 23:32:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/05 23:32:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/05 23:32:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/05 23:32:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/12/05 23:32:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/05 23:32:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/12/05 23:32:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/12/05 23:32:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/12/05 23:32:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/12/05 23:32:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/12/05 23:32:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/05 23:32:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/12/05 23:32:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/05 23:32:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/05 23:32:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/12/05 23:32:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/12/05 23:32:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/12/05 23:32:18 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/12/05 23:32:18 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/12/05 23:32:18 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012/12/05 23:32:18 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012/12/05 23:32:18 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012/12/05 23:32:18 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012/12/05 23:32:18 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012/12/05 23:32:18 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012/12/05 23:32:16 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012/12/05 23:32:16 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012/12/05 23:32:16 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012/12/05 23:32:15 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/12/05 23:32:12 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/12/05 23:32:12 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/12/05 23:32:12 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/12/05 23:32:10 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/12/05 23:32:09 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/12/05 23:32:07 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/12/05 23:32:07 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012/12/05 23:32:06 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/12/05 23:32:04 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012/12/05 23:32:04 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012/11/30 22:43:52 | 000,438,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/29 07:32:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/29 07:28:31 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/29 07:28:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/29 07:28:09 | 529,879,039 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/29 07:27:24 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/29 07:27:24 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/29 04:11:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.com
[2012/12/29 03:45:55 | 000,729,816 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/29 03:45:55 | 000,626,262 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/29 03:45:55 | 000,107,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/28 20:49:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/12/28 20:44:21 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/28 20:28:16 | 000,000,754 | ---- | M] () -- C:\Users\Mike\SciTE.session
[2012/12/21 21:10:52 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Darkfall Unholy Wars.lnk
[2012/12/16 02:01:18 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/12/16 02:01:18 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/12/15 07:45:59 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\Darkfall US.lnk
[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/05 23:49:23 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/03 10:47:14 | 026,811,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012/12/03 10:47:14 | 025,256,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012/12/03 10:47:14 | 020,335,976 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012/12/03 10:47:14 | 018,045,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012/12/03 10:47:14 | 017,559,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012/12/03 10:47:14 | 015,122,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012/12/03 10:47:14 | 015,016,256 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012/12/03 10:47:14 | 012,603,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012/12/03 10:47:14 | 009,271,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012/12/03 10:47:14 | 007,819,016 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012/12/03 10:47:14 | 007,446,192 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2012/12/03 10:47:14 | 006,149,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2012/12/03 10:47:14 | 002,816,824 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012/12/03 10:47:14 | 002,784,104 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012/12/03 10:47:14 | 002,606,440 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012/12/03 10:47:14 | 002,496,976 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012/12/03 10:47:14 | 002,226,024 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012/12/03 10:47:14 | 001,874,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012/12/03 10:47:14 | 001,805,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012/12/03 10:47:14 | 001,504,104 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll
[2012/12/03 10:47:14 | 000,983,936 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2012/12/03 10:47:14 | 000,841,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012/12/03 10:47:14 | 000,245,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012/12/03 10:47:14 | 000,201,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012/12/03 10:47:14 | 000,014,446 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012/12/01 00:49:26 | 003,663,213 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2012/12/01 00:49:25 | 000,118,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012/12/01 00:49:25 | 000,063,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012/12/01 00:48:41 | 006,223,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012/12/01 00:48:37 | 003,311,464 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012/11/30 22:43:52 | 000,438,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

Tiggy
Intermediate
Intermediate

Status :
Online
Offline

Posts : 67
Joined : 2009-01-13
OS : Windows 7 64bit

View user profile

Back to top Go down

Solved Re: Tojan Agents on Computer

Post by Tiggy on Sat Dec 29, 2012 12:58 pm


========== Files Created - No Company Name ==========

[2012/12/28 20:49:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/12/21 21:10:52 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Darkfall Unholy Wars.lnk
[2012/12/05 23:39:51 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/12/05 23:34:46 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/12/05 23:33:55 | 003,663,213 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012/07/25 19:32:17 | 000,280,976 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/07/25 19:32:17 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/07/16 20:14:20 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/06/23 23:33:01 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfinpa.dll
[2012/06/23 23:33:01 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfiesc.dll
[2012/06/23 23:33:01 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcfcomx.dll
[2012/06/23 23:33:01 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxcfinst.dll
[2012/06/23 23:33:00 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfserv.dll
[2012/06/23 23:33:00 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfusb1.dll
[2012/06/23 23:33:00 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfhbn3.dll
[2012/06/23 23:33:00 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfpmui.dll
[2012/06/23 23:33:00 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcflmpm.dll
[2012/06/23 23:33:00 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfcoms.exe
[2012/06/23 23:33:00 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfih.exe
[2012/06/23 23:33:00 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfppls.exe
[2012/06/23 23:33:00 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfprox.dll
[2012/06/23 23:33:00 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfpplc.dll
[2012/06/23 23:32:59 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfcomc.dll
[2012/06/23 23:32:59 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfcomm.dll
[2012/06/23 23:32:59 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcfcfg.exe
[2012/01/01 01:27:12 | 000,000,000 | ---- | C] () -- C:\Users\Mike\AppData\Local\{319F6238-3378-45B4-B24A-354FEAFAF698}
[2011/01/29 23:18:40 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/08 09:51:11 | 000,000,754 | ---- | C] () -- C:\Users\Mike\SciTE.session

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/08/26 20:50:59 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/08/26 20:50:59 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/08/26 20:50:59 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/10/08 03:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/10/08 03:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/08/26 20:50:58 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/08/26 20:50:58 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/08/26 20:50:58 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/10/08 03:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012/10/08 03:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.exe /md5 >

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\ /s >

< %PROGRAMFILES%\*. >
[2012/02/04 16:06:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2012/12/18 22:22:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AGEIA Technologies
[2012/10/23 20:27:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2010/09/18 16:43:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ask.com
[2012/10/23 20:27:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2010/10/10 18:41:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Creative
[2012/12/21 21:10:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Darkfall Unholy Wars
[2011/10/20 22:44:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dragon Age 2
[2010/09/27 07:06:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ffdshow
[2010/10/12 17:29:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2012/07/25 19:17:59 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/09/18 09:50:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2012/12/05 23:47:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2012/06/04 22:12:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2010/09/18 20:33:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Logitech
[2012/12/28 20:44:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/09/18 09:51:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Marvell
[2010/10/18 00:42:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2012/08/26 20:42:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Security Client
[2012/08/27 08:49:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/10/17 14:22:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/09/30 06:05:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2012/08/11 20:52:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mumble
[2010/09/18 09:52:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NEC Electronics
[2012/12/18 22:22:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NVIDIA Corporation
[2012/06/04 22:12:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Oracle
[2012/10/23 20:27:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2011/06/22 20:28:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Rosetta Stone
[2010/10/15 16:55:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sytexis Software
[2012/07/25 19:31:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ubisoft
[2009/07/13 23:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2010/09/18 16:43:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\uTorrent
[2010/09/18 20:59:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ventrilo
[2010/09/18 09:51:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VIA
[2012/10/12 21:04:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Webshots
[2009/07/14 00:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2011/03/29 23:20:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2012/08/27 08:55:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2012/08/27 08:55:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2012/08/27 08:55:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2012/08/27 08:55:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2012/08/27 08:55:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2010/09/27 07:06:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ZD Soft

< %appdata%\*.* >

< MD5 for: AFD.SYS >
[2011/12/27 22:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\SysNative\drivers\afd.sys
[2011/12/27 22:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
[2011/12/27 23:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
[2011/04/24 21:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009/07/13 18:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2011/12/27 23:01:12 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=CCA39961E76B491DDF44B1E90FC8971D -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys
[2010/11/20 04:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011/04/24 21:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011/12/27 22:59:11 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=DB9D6C6B2CD95A9CA414D045B627422E -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys
[2011/04/24 22:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011/04/24 21:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2012/06/01 23:52:32 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=063DD65889D21035311463337BD268E7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_788c7cc71232cc19\cryptsvc.dll
[2012/04/23 23:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
[2010/11/20 08:25:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[2012/04/23 23:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=21993009E0CCB9B4FA195F14D3408626 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
[2012/06/02 00:32:25 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=456107D69D4EE850A559434F19EFEE65 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21225_none_d2beeccacd6d6c07\cryptsvc.dll
[2012/04/24 00:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_d41dd577b1743795\cryptsvc.dll
[2012/04/23 23:47:04 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=520A108A2657F4BCA7FCED9CA7D885DE -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_762f534bfbdf7203\cryptsvc.dll
[2012/06/04 02:52:35 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=7E7D2DACF65D750D466F36BD3D09AE20 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_d4ab184aca903d4f\cryptsvc.dll
[2009/07/13 20:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2012/06/01 23:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=96C0E38905CFD788313BE8E11DAE3F2F -- C:\Windows\SysWOW64\cryptsvc.dll
[2012/06/01 23:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=96C0E38905CFD788313BE8E11DAE3F2F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_77ddc9e5f93000db\cryptsvc.dll
[2012/06/02 00:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=9C01375BE382E834CC26D1B7EAF2C4FE -- C:\Windows\SysNative\cryptsvc.dll
[2012/06/02 00:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=9C01375BE382E834CC26D1B7EAF2C4FE -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_d3fc6569b18d7211\cryptsvc.dll
[2009/07/13 20:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
[2010/11/20 07:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2012/04/24 00:22:32 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=B7337E9C9E5936355BB700AA33E0936E -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_d473633acab895c2\cryptsvc.dll
[2012/06/02 00:25:12 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=BAF19B633933A9FB4883D27D66C39E9A -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17035_none_d22a7e2db457eb07\cryptsvc.dll
[2012/04/24 00:36:46 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=CE8BF1423AEE47DA5275FBC8AD3BD642 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_d2773c98cda297d3\cryptsvc.dll
[2012/06/01 23:41:59 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=EA8C26ECF1656D9647EF044F115EC6DA -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21225_none_76a05147150ffad1\cryptsvc.dll
[2012/04/24 00:59:45 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=F02786B66375292E58C8777082D4396D -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_d24deecfb43ce339\cryptsvc.dll
[2012/06/01 23:45:21 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=F2FDE6C8DBAAD44CC58D1E07E4AF4EED -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17035_none_760be2a9fbfa79d1\cryptsvc.dll
[2012/04/23 23:33:53 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=F522279B4717E2BFF269C771FAC2B78E -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_7658a1151545269d\cryptsvc.dll

< MD5 for: DNSRSLVR.DLL >
[2011/03/03 01:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\Windows\SysNative\dnsrslvr.dll
[2011/03/03 01:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsrslvr.dll
[2009/07/13 20:40:32 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=676108C4E3AA6F6B34633748BD0BEBD9 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16385_none_3dd76e849c0a6a12\dnsrslvr.dll
[2011/03/03 01:17:10 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=85CF424C74A1D5EC33533E1DBFF9920A -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16772_none_3ddf452a9c04f6b8\dnsrslvr.dll
[2011/03/03 01:12:55 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=B2205BAEAE4C178ABEB1B149751FC2B9 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsrslvr.dll
[2010/11/20 08:26:07 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=CD55F5355D8F55D44C9F4ED875705BD6 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsrslvr.dll
[2011/03/03 01:23:37 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=D8065FA366D28746EE3D75F08ED6B2FE -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.20914_none_3eabc3f7b4f01eb1\dnsrslvr.dll

< MD5 for: ES.DLL >
[2009/07/13 20:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\SysNative\es.dll
[2009/07/13 20:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\winsxs\amd64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_68e290c46b6ea6d0\es.dll
[2009/07/13 20:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\SysWOW64\es.dll
[2009/07/13 20:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\winsxs\wow64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_73373b169fcf68cb\es.dll

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: IPNATHLP.DLL >
[2009/07/13 20:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\SysNative\ipnathlp.dll
[2009/07/13 20:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\ipnathlp.dll

< MD5 for: NETBT.SYS >
[2010/11/20 04:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\SysNative\drivers\netbt.sys
[2010/11/20 04:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys
[2009/07/13 18:21:29 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=9162B273A44AB9DCE5B44362731D062A -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_bc59ba0910f52e0c\netbt.sys

< MD5 for: NETMAN.DLL >
[2009/07/13 20:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\SysNative\netman.dll
[2009/07/13 20:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\winsxs\amd64_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_6bb20d3d6b80d9da\netman.dll

< MD5 for: QMGR.DLL >
[2010/11/20 08:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/20 08:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
[2009/07/13 20:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll

< MD5 for: RPCSS.DLL >
[2010/11/20 08:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\SysNative\rpcss.dll
[2010/11/20 08:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2009/07/13 20:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=7266972E86890E2B30C0C322E906B027 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll

< MD5 for: SERVICES.EXE >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:14:45 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=2CEFF13ACE25A40BD8D97654944297CD -- C:\Windows\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2011/04/25 00:28:24 | 001,893,248 | ---- | M] (Microsoft Corporation) MD5=1F748D5439B65E0BEBD92F65048F030D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys
[2012/10/03 12:56:54 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 -- C:\Windows\SysNative\drivers\tcpip.sys
[2012/10/03 12:56:54 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
[2010/11/20 08:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2011/06/21 01:16:55 | 001,888,128 | ---- | M] (Microsoft Corporation) MD5=5279D4DD69C7C71524B8E7A5746D15CC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_0f8ed978993fa916\tcpip.sys
[2010/06/14 01:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2012/03/30 05:19:17 | 001,877,872 | ---- | M] (Microsoft Corporation) MD5=5EFD096DEF47F8B88EF591DA92143440 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_0faa5514992a39a7\tcpip.sys
[2011/04/25 00:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys
[2012/03/30 06:09:53 | 001,895,280 | ---- | M] (Microsoft Corporation) MD5=624C5B3AA4C99B3184BB922D9ECE3FF0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys
[2012/08/22 13:06:13 | 001,901,936 | ---- | M] (Microsoft Corporation) MD5=7880A26B7D3B96FDA8EFD9F985036B1D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_117a13de9661c145\tcpip.sys
[2010/04/09 06:06:28 | 001,898,376 | ---- | M] (Microsoft Corporation) MD5=7FC877A25796D8ADF539E64703FCA7E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16569_none_0f2ca8c580036f65\tcpip.sys
[2012/03/30 05:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2010/06/14 01:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009/07/13 20:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2011/04/25 00:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2011/06/21 01:20:30 | 001,914,752 | ---- | M] (Microsoft Corporation) MD5=A0EB71E0DC047C7CC95CD6AB4036296E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_11a276c29643d7ec\tcpip.sys
[2010/04/09 02:56:29 | 001,892,232 | ---- | M] (Microsoft Corporation) MD5=A9C0F786AC1F736891D05CE0A1D29DEB -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20687_none_0f9ea52499331463\tcpip.sys
[2012/03/30 06:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[2011/04/25 01:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2011/06/21 01:27:14 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=B9D87C7707F058AC652A398CD28DE14B -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_0f4d1e3b7feb1307\tcpip.sys
[2012/10/03 12:44:29 | 001,902,472 | ---- | M] (Microsoft Corporation) MD5=D5707FC2300AA5B04B7BFE86D40C0133 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys
[2011/06/21 01:34:00 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=F0E98C00A09FDF791525829A1D14240F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_11327af77d12659c\tcpip.sys
[2012/08/22 13:12:50 | 001,913,200 | ---- | M] (Microsoft Corporation) MD5=F782CAD3CEDBB3F9FFE3BF2775D92DDC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_113380f37d117668\tcpip.sys

< MD5 for: TDX.SYS >
[2009/07/13 18:21:15 | 000,099,840 | ---- | M] (Microsoft Corporation) MD5=079125C4B17B01FCAEEBCE0BCB290C0F -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_4632b9f2f5c6af5e\tdx.sys
[2010/11/20 04:21:56 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\SysNative\drivers\tdx.sys
[2010/11/20 04:21:56 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2010/11/20 08:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\drivers\volsnap.sys
[2010/11/20 08:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
[2010/11/20 08:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
[2009/07/13 20:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_71aba92815c60174\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WMISVC.DLL >
[2009/07/13 20:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\Windows\SysNative\wbem\WMIsvc.dll
[2009/07/13 20:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7600.16385_none_fca7ad7710a22535\WMIsvc.dll
[2009/07/13 20:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7601.17514_none_fed8c13f0d90a8cf\WMIsvc.dll

< MD5 for: WSCSVC.DLL >
[2010/12/21 01:09:08 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=34D280957E8681E4BD9492B3F1FC27B9 -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.20862_none_76d192b6e4d9ed67\wscsvc.dll
[2010/12/21 01:16:27 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=8F9F3969933C02DA96EB0F84576DB43E -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.16723_none_767435e5cb9af730\wscsvc.dll
[2009/07/13 20:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\Windows\SysNative\wscsvc.dll
[2009/07/13 20:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.16385_none_76354f59cbc9dce8\wscsvc.dll
[2009/07/13 20:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7601.17514_none_78666321c8b86082\wscsvc.dll

< End of report >

Tiggy
Intermediate
Intermediate

Status :
Online
Offline

Posts : 67
Joined : 2009-01-13
OS : Windows 7 64bit

View user profile

Back to top Go down

Solved Re: Tojan Agents on Computer

Post by Tiggy on Sat Dec 29, 2012 1:00 pm

Here is a copy of the Extras.txt log:

OTL Extras logfile created on: 12/29/2012 7:32:18 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mike\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 66.80% Memory free
11.98 Gb Paging File | 9.75 Gb Available in Paging File | 81.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 93.06 Gb Total Space | 43.13 Gb Free Space | 46.34% Space Free | Partition Type: NTFS
Drive D: | 596.17 Gb Total Space | 445.64 Gb Free Space | 74.75% Space Free | Partition Type: NTFS
Drive E: | 574.94 Mb Total Space | 257.98 Mb Free Space | 44.87% Space Free | Partition Type: UDF

Computer Name: MIKES-I7 | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02517B46-3037-418D-8B1C-84574A2A734D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{03063B75-2C7B-48DB-93C0-8520B6709929}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0510033E-F49A-454B-B8A8-CD06D0D17390}" = rport=445 | protocol=6 | dir=out | app=system |
"{0CF4882B-538B-4344-8629-A6C62A84A86E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0ECAB593-3CBD-4800-96DF-82D8FF7A49FE}" = lport=445 | protocol=6 | dir=in | app=system |
"{1088B1C9-7DD6-4377-B7A0-429C75BE79E6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{135EFE21-4281-4CF3-8223-189019CAEC18}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1F4375B0-0F42-47C9-9AC8-C014A2584447}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{271ABE6A-B246-4BD9-A369-BDB0DE27B945}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2E2DD7D3-6AA4-422A-9B19-62E2007FB3D3}" = lport=138 | protocol=17 | dir=in | app=system |
"{33C5094D-ED5A-4BA2-8CE1-C38FB4196CCD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3BA3FFD0-5DA4-4D1F-ADC0-F14D293B1CD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{42EF4F4D-24FD-44CB-93C9-FAB7D70C201F}" = rport=137 | protocol=17 | dir=out | app=system |
"{42F894BE-738E-4EF4-8872-14C1A424ECED}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{456EE1D9-8391-4951-BEF4-6EF35BDA9A41}" = rport=138 | protocol=17 | dir=out | app=system |
"{509204CA-C4D4-4168-BC42-A4DF8038F42D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{73CBA237-8871-43B2-8466-6731905372C3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{751DD3F5-292E-4337-A96D-A7A55B7BEBE5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7B2AAD81-0C04-4114-9338-002126A4FAB7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7E333A8B-4C63-4893-AFD7-79BE261EFF6B}" = lport=139 | protocol=6 | dir=in | app=system |
"{8644EAF1-EE2E-4630-9175-E457C972C70F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8ADBD0FB-37E8-44C4-90D5-DE9D753DEA79}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{90BB7B47-EB24-4C64-B03F-F07D9D67135F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9239C82E-CD9D-4E32-A8D0-59A3BF3BFF29}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{94425678-A6A1-40E5-87EB-EACDC692DD93}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A632BD7D-A54B-4D81-9C4F-A36A2DFED83D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B32ECC88-AA39-4412-A5EC-00D78F3D9A74}" = lport=137 | protocol=17 | dir=in | app=system |
"{C48A8025-13E4-4781-B863-16DEF084B42C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C7B6F61B-94EB-48B4-A93B-8CDFC75D6C6D}" = rport=139 | protocol=6 | dir=out | app=system |
"{CFB98D02-52E1-44A2-ACAB-147620649D00}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D3A1456B-18F0-4F50-80BB-3C1349D44C63}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E59D3ECA-4453-4E77-8EDF-78686F1032D2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EA42D1D7-B076-46C4-8EEC-C047DEC5C1D5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C9D8B5-8318-4C9C-A094-8D66B0902F90}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{02533314-7CD4-4732-8DE7-358171EC66ED}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe |
"{07443196-C81D-476F-83BE-232C7FF2B505}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxcfcoms.exe |
"{087B10E1-97DD-4F10-9979-CA971445E6A4}" = protocol=17 | dir=in | app=d:\program files (x86)\assassins creed ii\assassinscreediigame.exe |
"{0AE3E8F3-9446-4575-8AB3-6070956FB77E}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxcfcoms.exe |
"{12A4DE61-46D3-42DB-99F1-BB2B5368E7CC}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{13DD6E9D-952C-484D-9BCB-B39B75E339A2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{152AB626-CE40-4509-8166-9D22854DB65B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{16E81582-7405-4F68-A527-48921188F4C6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{1E063ED8-4C8A-4CCE-8530-9A1E3507594D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{1ED61649-DEB5-4182-A623-A09CA1DA22A2}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{1F12BE54-E881-46AB-A868-E292E561C6CD}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{234AE157-7FC0-4AF5-A86F-A553847323A3}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxcfpswx.exe |
"{287EA525-0D9B-4BF1-A2FC-9BEE4D36253E}" = protocol=17 | dir=in | app=c:\users\mike\appdata\local\microsoft\windows\temporary internet files\content.ie5\d147y5nh\3gp_converter_setup[1].exe |
"{2CA183B8-EFC0-4CE8-B533-6DBA4F5C97FE}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{2E34F6A7-0E6E-4B64-82D7-1E356FCC0A7B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{31EF286B-4150-42EB-9AF9-B60FAC99615E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{348B4183-26D6-4859-A3D7-29D51544E189}" = protocol=6 | dir=in | app=c:\windows\system32\lxcfcoms.exe |
"{3520BB60-6A6C-4250-B89A-99FB1F3501D5}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{3A720D1E-EB74-4A11-8A9D-5BF6AB32B784}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{3B64215A-90BD-42BF-8B38-B301FE751C3E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{47BBF0E0-0520-4BE1-BF38-38F1D0D2EE3D}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{47E0FD1F-ED51-4198-9BCD-5C57C1DCF1E1}" = protocol=6 | dir=in | app=d:\program files (x86)\assassins creed ii\assassinscreediigame.exe |
"{4BC67150-71D8-4C80-B500-8DAFD2D003EF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{4EAE51A3-FCBE-42A3-B567-4C24751C361C}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{4F0B0023-1F17-477F-AC0D-81838FD12DC1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{555ADC71-E5A2-4E65-B49E-A4A676C1CDA3}" = protocol=17 | dir=in | app=c:\windows\system32\lxcfcoms.exe |
"{56B91ADA-3860-4827-B359-7C53125D6804}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{596520DE-8C6A-48BD-A943-001ECD029F15}" = protocol=6 | dir=in | app=d:\program files (x86)\revelations\assassinscreedrevelations.exe |
"{5DB36A48-29F3-4937-AA4E-7C4A6BA4939F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{609EDEBD-1463-4984-AE8A-42ED4B994B3A}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 free\arma2free.exe |
"{633C2F00-8AE3-4CBE-B4F4-C0C01CFA8062}" = protocol=17 | dir=in | app=d:\program files (x86)\assassins creed ii\assassinscreedii.exe |
"{65000830-D020-43F8-9EE3-461BD2C8B83D}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 free\arma2free.exe |
"{6BCEECBA-A8FD-4E80-AA40-2C1792936D3A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6C0D04B2-D424-4527-85B3-6DF4C7168226}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead demo\arma2oa_demo.exe |
"{6C2F1532-F0FB-4AFE-B83C-AC871A0925A9}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{6FA95379-B4C4-4C88-8D86-DD60BFAE517A}" = protocol=6 | dir=in | app=c:\users\mike\appdata\local\temp\reinstal\3gp_converter_setup[1].exe |
"{70094E01-BA23-416B-9A99-9963AD6E4BB1}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{70291A9C-A9D5-485C-B6D5-6F5FBBBCE6DD}" = protocol=6 | dir=out | app=system |
"{76D36184-D62B-43A0-94BF-82239E4E8F80}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{7A0B9686-36B7-4B6B-B40C-7E575BE0BD33}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7BF9D2AA-0680-4B1D-9FE7-F1FC61C7E29D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7D4A4BD2-98FE-45BF-9128-8A5D0BDD4D78}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7E78D8FA-275E-469A-A0D0-8DC635452AAE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{827BD965-479E-4475-827D-CC810553B5CF}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{87A7E14D-0156-4456-8F47-43DAB8F5B352}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{8FC6B2AD-C65D-417F-8713-9B1D6C1D56E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{93A0B3BB-D041-40BA-9B3E-3930472B923A}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{97D389DB-E10B-4510-B99A-A030EBE2BB96}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead demo\arma2oa_demo.exe |
"{9D10A057-CF76-4040-AF7E-6AAAFD9DC11D}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe |
"{A77A03D1-BB1F-443D-B6C4-0AF133A3CA86}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A7C2AD01-9E49-4923-9C63-ED1BEC31F491}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A9C40622-D51F-4C07-BAF7-7029982B7104}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{AC7B84A9-88A3-47BF-A741-C84E73F37FF4}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe |
"{B0BE8711-5364-4E0E-8FB9-D58D7844BC48}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{B2202F03-4278-44D8-A28C-7BB0BB5BB0FA}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{B5CBF9D4-7F63-4231-B81A-36033C98851F}" = protocol=6 | dir=in | app=d:\program files (x86)\assassins creed ii\assassinscreedii.exe |
"{B66DD6FD-8ABF-4CC6-961B-31FCCDEACB77}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{B6988CBB-D5CE-42C7-98C5-3FEC65FED112}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B6B93A4D-0059-4AA5-BE73-6EEA1CC6BAD1}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe |
"{B8B54BBD-C6D3-4C50-AC68-7DF3978178A2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B93BA0BA-7BA9-4174-90D0-B8C6957988D9}" = protocol=17 | dir=in | app=d:\program files (x86)\revelations\acrsp.exe |
"{B97C5348-A68C-48BE-9AF7-1E636707C587}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxcfpswx.exe |
"{BF176B14-1CD4-4589-86AC-CE581CE0FFEF}" = protocol=17 | dir=in | app=d:\program files (x86)\assassins creed ii\uplaybrowser.exe |
"{C01608C5-D1AF-4872-8A92-2CD1BC2F11FD}" = protocol=6 | dir=in | app=d:\program files (x86)\assassins creed ii\uplaybrowser.exe |
"{C2E3CBFC-CA12-423D-9EFB-A62EBA71179A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C9775BB6-832D-4BC0-B5C4-2A5EDD8524B1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CB869128-1424-4271-BAF5-B87B9DD9831C}" = protocol=6 | dir=in | app=c:\users\mike\appdata\local\microsoft\windows\temporary internet files\content.ie5\d147y5nh\3gp_converter_setup[1].exe |
"{CE564611-8EAF-4A6A-AEA7-1F775AF10F0A}" = protocol=6 | dir=in | app=d:\program files (x86)\revelations\acrmp.exe |
"{D0355AD4-6EBB-488B-8E8F-B3DA69F16EAC}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{D42757FE-64BB-40CD-B2A1-A93CFF35AD68}" = protocol=17 | dir=in | app=c:\users\mike\appdata\local\temp\reinstal\3gp_converter_setup[1].exe |
"{DD1EB0F6-B7C0-4980-9B6B-15E822E8FF06}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{E05B3CB0-4ADC-4DE7-8793-112D08E6AFCB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E12DD2ED-E42F-4E5B-B585-78A063678CDA}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe |
"{E43D816A-F07D-4D36-AFFE-6DC0D51F79A6}" = protocol=17 | dir=in | app=d:\program files (x86)\revelations\acrmp.exe |
"{F5B47A61-E1C2-408C-B1EB-FCF135E8914C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F7EC7ADA-514F-4980-944D-D647F8FF74C0}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{F8C3A21A-B392-4267-9082-8E65301E07AB}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe |
"{FB362567-B0EC-4B63-B04D-475612925F0A}" = protocol=6 | dir=in | app=d:\program files (x86)\revelations\acrsp.exe |
"{FCA27083-66D3-4F71-9A1A-D8F10898C5CA}" = protocol=17 | dir=in | app=d:\program files (x86)\revelations\assassinscreedrevelations.exe |
"TCP Query User{42CADEF0-3192-4890-9919-7374837E452E}D:\program files (x86)\steam\steamapps\tiggy1997\team fortress 2 beta\hl2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\tiggy1997\team fortress 2 beta\hl2.exe |
"TCP Query User{4EE0FC22-14F5-412B-B0B3-717086CA08B2}C:\program files (x86)\darkfall us\lobby.exe" = protocol=6 | dir=in | app=c:\program files (x86)\darkfall us\lobby.exe |
"TCP Query User{60D20EC4-BBA5-4F88-9821-C364B583947C}C:\program files (x86)\darkfall us\lobby.exe" = protocol=6 | dir=in | app=c:\program files (x86)\darkfall us\lobby.exe |
"TCP Query User{C58B11C8-9908-46D5-85C7-56263D327C5C}D:\program files (x86)\steam\steamapps\tiggy1997\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\tiggy1997\team fortress 2\hl2.exe |
"TCP Query User{EC9D4544-8272-4461-A481-841D5DEBD9D1}D:\program files (x86)\dragon age\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=d:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"TCP Query User{F59E35C3-129F-4922-BD54-F1356CDE8DFA}C:\program files (x86)\darkfall unholy wars\data\dfuw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\darkfall unholy wars\data\dfuw.exe |
"TCP Query User{FED585F2-653D-4CF0-B74A-6AF325C6E509}D:\program files (x86)\steam\steamapps\tiggy1997\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\tiggy1997\team fortress 2\hl2.exe |
"UDP Query User{59F4C65F-C762-4980-81F6-5B4293A51037}C:\program files (x86)\darkfall unholy wars\data\dfuw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\darkfall unholy wars\data\dfuw.exe |
"UDP Query User{742F8DCD-B388-40A4-9F04-A0C490F3EAF9}D:\program files (x86)\steam\steamapps\tiggy1997\team fortress 2 beta\hl2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\tiggy1997\team fortress 2 beta\hl2.exe |
"UDP Query User{8578D09C-D7C3-4FBB-A873-DD8AB238E4B4}D:\program files (x86)\dragon age\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=d:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"UDP Query User{AF7E0C1E-3119-462A-9DB9-099D02160D31}C:\program files (x86)\darkfall us\lobby.exe" = protocol=17 | dir=in | app=c:\program files (x86)\darkfall us\lobby.exe |
"UDP Query User{B288F347-78AE-4A49-A3ED-AE6699508F89}D:\program files (x86)\steam\steamapps\tiggy1997\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\tiggy1997\team fortress 2\hl2.exe |
"UDP Query User{CE8CE9AA-6107-441C-96FC-C368A4AAF778}D:\program files (x86)\steam\steamapps\tiggy1997\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\tiggy1997\team fortress 2\hl2.exe |
"UDP Query User{EF2561A1-202C-41E7-812D-1313F068FF88}C:\program files (x86)\darkfall us\lobby.exe" = protocol=17 | dir=in | app=c:\program files (x86)\darkfall us\lobby.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D5558268-0050-4B95-AD5E-426960E1EFE1}" = Intel(R) Network Connections 15.3.68.0
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Lexmark 730 Series" = Lexmark 730 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"PROSetDX" = Intel(R) Network Connections 15.3.68.0
"SP6" = Logitech SetPoint 6.15
"TeamSpeak 3 Client" = TeamSpeak 3 Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E9F8639-8337-4BDD-984E-E7A0D7180896}" = Mumble 1.2.4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations 1.03
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{70E4E07C-4C81-4B19-9D49-37AEB65E3A6B}_is1" = Smile Desktop version 1.0.8.286
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}" = Rosetta Stone Version 3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{89F922D6-E3E0-4303-AF8E-CE18412E3A18}" = Sound Blaster X-Fi MB 2
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABA3FC9F-3B5C-4C0B-A0F2-4AD293AE5CC4}" = Darkfall US
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEADC0DE-0936-4042-812C-CD05FB45B8E0}_is1" = Darkfall Unholy Wars 1.9.1.1
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Activision_StarTrekArmadaUninstallKey" = Star Trek: Armada
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AutoItv3" = AutoIt v3.3.6.1
"BattlEye A2 Free" = BattlEye (A2Free) Uninstall
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PlayClaw" = PlayClaw
"PunkBusterSvc" = PunkBuster Services
"Steam App 107400" = ARMA 2: Free
"Steam App 220" = Half-Life 2
"Steam App 33970" = ARMA 2: Operation Arrowhead Demo
"Steam App 520" = Team Fortress 2 Beta
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/7/2012 11:24:56 PM | Computer Name = Mikes-i7 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 2/8/2012 7:45:03 PM | Computer Name = Mikes-i7 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 2/8/2012 8:21:16 PM | Computer Name = Mikes-i7 | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2/9/2012 11:28:23 PM | Computer Name = Mikes-i7 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 2/9/2012 11:57:50 PM | Computer Name = Mikes-i7 | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2/10/2012 11:05:16 PM | Computer Name = Mikes-i7 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 2/10/2012 11:24:25 PM | Computer Name = Mikes-i7 | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2/11/2012 4:23:43 PM | Computer Name = Mikes-i7 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 2/11/2012 5:16:33 PM | Computer Name = Mikes-i7 | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2/12/2012 4:06:26 PM | Computer Name = Mikes-i7 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ System Events ]
Error - 12/29/2012 4:33:19 AM | Computer Name = Mikes-i7 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/29/2012 4:33:19 AM | Computer Name = Mikes-i7 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/29/2012 4:38:19 AM | Computer Name = Mikes-i7 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/29/2012 4:38:19 AM | Computer Name = Mikes-i7 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/29/2012 4:38:19 AM | Computer Name = Mikes-i7 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/29/2012 4:40:27 AM | Computer Name = Mikes-i7 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/29/2012 4:40:27 AM | Computer Name = Mikes-i7 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/29/2012 4:40:27 AM | Computer Name = Mikes-i7 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/29/2012 8:25:17 AM | Computer Name = Mikes-i7 | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
[You must be registered and logged in to see this link.]

Name:
Trojan:DOS/Alureon.A ID: 2147636949 Severity: Severe Category: Trojan Path: rootkit:_Alureon->Mbr::Alureon

Detection
Origin: %%844 Detection Type: %%822 Detection Source: %%820 User: NT AUTHORITY\SYSTEM

Process
Name: Unknown Action: %%809 Action Status: To finish removing malware and other
potentially unwanted software, restart the computer. To see how to finish removing
malware and other potentially unwanted software, see the support article on the
Microsoft Security website. Error Code: 0x80070032 Error description: The request
is not supported. Signature Version: AV: 1.141.2741.0, AS: 1.141.2741.0, NIS: 17.36.0.0

Engine
Version: AM: 1.1.9002.0, NIS: 2.1.8904.0

Error - 12/29/2012 8:28:32 AM | Computer Name = Mikes-i7 | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
[You must be registered and logged in to see this link.]

Name:
Trojan:DOS/Alureon.A ID: 2147636949 Severity: Severe Category: Trojan Path: rootkit:_Alureon->Mbr::Alureon

Detection
Origin: %%844 Detection Type: %%822 Detection Source: %%820 User: NT AUTHORITY\SYSTEM

Process
Name: Unknown Action: %%809 Action Status: To finish removing malware and other
potentially unwanted software, restart the computer. To see how to finish removing
malware and other potentially unwanted software, see the support article on the
Microsoft Security website. Error Code: 0x80070032 Error description: The request
is not supported. Signature Version: AV: 1.141.2741.0, AS: 1.141.2741.0, NIS: 17.36.0.0

Engine
Version: AM: 1.1.9002.0, NIS: 2.1.8904.0


< End of report >


And here is the Adwcleanrer log:


# AdwCleaner v2.103 - Logfile created 12/29/2012 at 07:42:44
# Updated 25/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Mike - MIKES-I7
# Boot Mode : Normal
# Running from : C:\Users\Mike\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Users\Mike\AppData\LocalLow\AGI
Folder Deleted : C:\Users\Mike\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\AGI
Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKLM\Software\AGI
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87A0B80B-5BA7-4CB0-9553-105D68777D60}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0BC6E3FA-78EF-4886-842C-5A1258C4455A}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [4195 octets] - [29/12/2012 07:42:44]

########## EOF - C:\AdwCleaner[S1].txt - [4255 octets] ##########

Tiggy
Intermediate
Intermediate

Status :
Online
Offline

Posts : 67
Joined : 2009-01-13
OS : Windows 7 64bit

View user profile

Back to top Go down

Solved Re: Tojan Agents on Computer

Post by Dr Jay on Sat Dec 29, 2012 3:09 pm

Hi there!

ComboFix scan

Please download ComboFix by sUBs
[You must be registered and logged in to see this link.]

Please save the file to your Desktop.

Important information about ComboFix


After the download:

  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". [You must be registered and logged in to see this link.] if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:

  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13711
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Solved Re: Tojan Agents on Computer

Post by Tiggy on Sat Dec 29, 2012 9:24 pm

Here is the ComboFix Log:


ComboFix 12-12-29.02 - Mike 12/29/2012 16:18:40.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.4457 [GMT -5:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mike\Desktop\Internet Explorer.lnk
c:\windows\svchost.exe
c:\windows\SysWow64\tmpD48D.tmp
c:\windows\SysWow64\tmpD48E.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-29 )))))))))))))))))))))))))))))))
.
.
2012-12-29 21:21 . 2012-12-29 21:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-29 21:12 . 2012-12-29 21:12 35664 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7C5C382-7E1D-4394-86F6-224F2914578C}\MpKsl996fa243.sys
2012-12-29 12:44 . 2012-12-29 21:12 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7C5C382-7E1D-4394-86F6-224F2914578C}\offreg.dll
2012-12-29 12:44 . 2012-12-29 12:44 35664 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7C5C382-7E1D-4394-86F6-224F2914578C}\MpKsl38eb38db.sys
2012-12-29 05:48 . 2012-12-29 05:48 -------- d-----w- c:\windows\Microsoft Antimalware
2012-12-29 01:44 . 2012-12-29 01:44 -------- d-----w- c:\users\Mike\AppData\Local\Programs
2012-12-28 22:28 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7C5C382-7E1D-4394-86F6-224F2914578C}\mpengine.dll
2012-12-27 01:49 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-19 03:22 . 2012-12-19 03:22 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2012-12-16 14:55 . 2012-12-22 02:10 -------- d-----w- c:\program files (x86)\Darkfall Unholy Wars
2012-12-16 07:01 . 2012-12-16 07:01 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-16 07:01 . 2012-12-16 07:01 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-06 04:39 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-06 04:39 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-12-06 04:39 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-06 04:39 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-06 04:34 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-06 04:34 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-06 04:34 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-06 04:34 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-06 04:34 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-06 04:34 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-06 04:34 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-06 04:34 . 2012-12-06 04:34 -------- d-----w- c:\users\UpdatusUser
2012-12-06 04:33 . 2012-12-01 05:49 3663213 ----a-w- c:\windows\system32\nvcoproc.bin
2012-12-06 04:33 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-12-06 04:33 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-12-06 04:33 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-12-06 04:33 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-12-06 04:33 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-12-01 03:43 . 2012-12-01 03:43 438632 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-12-01 02:13 . 2012-12-01 02:13 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2715102B-F12A-4472-9E6E-ABEE302AEB16}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 21:49 . 2010-09-18 15:52 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-03 15:47 . 2010-07-10 09:38 2816824 ----a-w- c:\windows\system32\nvapi64.dll
2012-12-03 15:47 . 2010-07-10 09:38 15016256 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-12-01 05:49 . 2010-07-09 20:27 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-12-01 05:49 . 2010-07-09 20:17 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-01 05:49 . 2010-07-09 20:17 890216 ----a-w- c:\windows\system32\nvvsvc.exe
2012-12-01 05:48 . 2010-07-09 20:17 6223208 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-01 05:48 . 2010-07-09 20:17 3311464 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-30 02:04 . 2010-09-30 11:05 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-18 02:57 . 2012-10-18 02:57 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-16 08:38 . 2012-12-06 04:32 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-12-06 04:32 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-12-06 04:32 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-02 19:50 . 2010-07-09 20:17 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="d:\program files (x86)\Steam\Steam.exe" [2012-12-04 1354736]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-12 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-12-17 5629312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-06-10 2438256]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"THX Audio Control Panel"="c:\program files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe" [2010-05-31 1349632]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
.
c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smile Desktop.lnk - c:\program files (x86)\Webshots\Smile Desktop\Smile.exe [2012-10-12 2173440]
Webshots Daily Features.lnk - c:\program files (x86)\Webshots Daily Features\Webshots Daily Features.exe [N/A]
WebshotsWidget.lnk - c:\program files (x86)\Webshots Daily Features\Webshots Daily Features.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl38eb38db;MpKsl38eb38db;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7C5C382-7E1D-4394-86F6-224F2914578C}\MpKsl38eb38db.sys [2012-12-29 35664]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-10-10 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-10-10 79360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-19 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2009-12-25 297512]
S1 MpKsl996fa243;MpKsl996fa243;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7C5C382-7E1D-4394-86F6-224F2914578C}\MpKsl996fa243.sys [2012-12-29 35664]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-12-17 140672]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-01 382824]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [2010-04-07 290008]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-06-03 1335408]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL996FA243
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-12 22:29]
.
2012-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-12 22:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-02-08 186904]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1609296]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
"LXCFCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCFtime.dll" [2005-09-14 29184]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe
AddRemove-Activision_StarTrekArmadaUninstallKey - d:\progra~1\ACTIVI~1\UNINST~1\UNINST~1.EXE
AddRemove-BattlEye A2 Free - d:\program files (x86)\steam\steamapps\common\arma 2 freeBattlEye\UnInstallBE.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"=hex:51,66,7a,6c,4c,1d,38,12,94,e0,d5,
0f,dd,36,e8,0d,fb,3a,19,52,5d,9a,01,4e
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:ac,55,ea,74,57,a7,cd,01
.
[HKEY_USERS\S-1-5-21-3935809274-470947423-72806981-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3935809274-470947423-72806981-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-29 16:23:03
ComboFix-quarantined-files.txt 2012-12-29 21:23
.
Pre-Run: 43,330,494,464 bytes free
Post-Run: 43,658,035,200 bytes free
.
- - End Of File - - 878DC2F37051BDB69F2BF45A18DDBAAC

Tiggy
Intermediate
Intermediate

Status :
Online
Offline

Posts : 67
Joined : 2009-01-13
OS : Windows 7 64bit

View user profile

Back to top Go down

Solved Re: Tojan Agents on Computer

Post by Dr Jay on Sat Dec 29, 2012 9:47 pm

TDSSKiller Scan

Please download and run [You must be registered and logged in to see this link.] to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.



-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.



------------------------

Click the Start Scan button.



-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue




----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.





--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13711
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Solved Re: Tojan Agents on Computer

Post by Tiggy on Sat Dec 29, 2012 10:16 pm

It actually saved 3 .txt log files. I tried to attach the files but it says Uploaded file is not valid when I click on submit query. I will post the two smaller log files in one reply and the larger one in the following replies:

First of the 2 smaller ones:

17:06:56.0110 1296 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:06:56.0438 1296 ============================================================
17:06:56.0438 1296 Current date / time: 2012/12/29 17:06:56.0438
17:06:56.0438 1296 SystemInfo:
17:06:56.0438 1296
17:06:56.0438 1296 OS Version: 6.1.7601 ServicePack: 1.0
17:06:56.0438 1296 Product type: Workstation
17:06:56.0438 1296 ComputerName: MIKES-I7
17:06:56.0438 1296 UserName: Mike
17:06:56.0438 1296 Windows directory: C:\Windows
17:06:56.0438 1296 System windows directory: C:\Windows
17:06:56.0438 1296 Running under WOW64
17:06:56.0438 1296 Processor architecture: Intel x64
17:06:56.0438 1296 Number of processors: 8
17:06:56.0438 1296 Page size: 0x1000
17:06:56.0438 1296 Boot type: Normal boot
17:06:56.0438 1296 ============================================================
17:06:57.0146 1296 BG loaded
17:06:57.0886 1296 Drive \Device\Harddisk1\DR1 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
17:06:57.0906 1296 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:06:58.0066 1296 ============================================================
17:06:58.0066 1296 \Device\Harddisk1\DR1:
17:06:58.0086 1296 MBR partitions:
17:06:58.0086 1296 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:06:58.0086 1296 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xBA1F000
17:06:58.0086 1296 \Device\Harddisk0\DR0:
17:06:58.0086 1296 MBR partitions:
17:06:58.0086 1296 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A856E82
17:06:58.0086 1296 ============================================================
17:06:58.0086 1296 C: <-> \Device\Harddisk1\DR1\Partition2
17:06:58.0106 1296 D: <-> \Device\Harddisk0\DR0\Partition1
17:06:58.0106 1296 ============================================================
17:06:58.0106 1296 Initialize success
17:06:58.0106 1296 ============================================================
17:07:11.0818 1764 Deinitialize success



Second of the 2 smaller ones:


17:01:24.0135 5668 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:01:24.0444 5668 ============================================================
17:01:24.0444 5668 Current date / time: 2012/12/29 17:01:24.0444
17:01:24.0444 5668 SystemInfo:
17:01:24.0444 5668
17:01:24.0444 5668 OS Version: 6.1.7601 ServicePack: 1.0
17:01:24.0444 5668 Product type: Workstation
17:01:24.0444 5668 ComputerName: MIKES-I7
17:01:24.0444 5668 UserName: Mike
17:01:24.0444 5668 Windows directory: C:\Windows
17:01:24.0444 5668 System windows directory: C:\Windows
17:01:24.0444 5668 Running under WOW64
17:01:24.0444 5668 Processor architecture: Intel x64
17:01:24.0444 5668 Number of processors: 8
17:01:24.0444 5668 Page size: 0x1000
17:01:24.0444 5668 Boot type: Normal boot
17:01:24.0444 5668 ============================================================
17:01:24.0902 5668 Drive \Device\Harddisk1\DR1 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
17:01:24.0909 5668 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:01:24.0954 5668 ============================================================
17:01:24.0954 5668 \Device\Harddisk1\DR1:
17:01:24.0954 5668 MBR partitions:
17:01:24.0954 5668 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:01:24.0954 5668 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xBA1F000
17:01:24.0954 5668 \Device\Harddisk0\DR0:
17:01:24.0954 5668 MBR partitions:
17:01:24.0954 5668 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A856E82
17:01:24.0954 5668 ============================================================
17:01:24.0955 5668 C: <-> \Device\Harddisk1\DR1\Partition2
17:01:24.0977 5668 D: <-> \Device\Harddisk0\DR0\Partition1
17:01:24.0977 5668 ============================================================
17:01:24.0977 5668 Initialize success
17:01:24.0977 5668 ============================================================
17:02:26.0233 8108 Deinitialize success



Tiggy
Intermediate
Intermediate

Status :
Online
Offline

Posts : 67
Joined : 2009-01-13
OS : Windows 7 64bit

View user profile

Back to top Go down

Solved Re: Tojan Agents on Computer

Post by Tiggy on Sat Dec 29, 2012 10:18 pm

Larger Log File:

17:02:33.0793 6452 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:02:34.0127 6452 ============================================================
17:02:34.0127 6452 Current date / time: 2012/12/29 17:02:34.0127
17:02:34.0127 6452 SystemInfo:
17:02:34.0127 6452
17:02:34.0127 6452 OS Version: 6.1.7601 ServicePack: 1.0
17:02:34.0127 6452 Product type: Workstation
17:02:34.0127 6452 ComputerName: MIKES-I7
17:02:34.0127 6452 UserName: Mike
17:02:34.0127 6452 Windows directory: C:\Windows
17:02:34.0127 6452 System windows directory: C:\Windows
17:02:34.0127 6452 Running under WOW64
17:02:34.0127 6452 Processor architecture: Intel x64
17:02:34.0127 6452 Number of processors: 8
17:02:34.0127 6452 Page size: 0x1000
17:02:34.0127 6452 Boot type: Normal boot
17:02:34.0127 6452 ============================================================
17:02:34.0577 6452 Drive \Device\Harddisk1\DR1 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
17:02:34.0584 6452 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:02:34.0627 6452 ============================================================
17:02:34.0627 6452 \Device\Harddisk1\DR1:
17:02:34.0627 6452 MBR partitions:
17:02:34.0627 6452 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:02:34.0627 6452 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xBA1F000
17:02:34.0627 6452 \Device\Harddisk0\DR0:
17:02:34.0627 6452 MBR partitions:
17:02:34.0627 6452 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A856E82
17:02:34.0627 6452 ============================================================
17:02:34.0628 6452 C: <-> \Device\Harddisk1\DR1\Partition2
17:02:34.0643 6452 D: <-> \Device\Harddisk0\DR0\Partition1
17:02:34.0643 6452 ============================================================
17:02:34.0644 6452 Initialize success
17:02:34.0644 6452 ============================================================
17:02:39.0393 6544 ============================================================
17:02:39.0393 6544 Scan started
17:02:39.0393 6544 Mode: Manual; SigCheck; TDLFS;
17:02:39.0393 6544 ============================================================
17:02:39.0565 6544 ================ Scan system memory ========================
17:02:39.0565 6544 System memory - ok
17:02:39.0566 6544 ================ Scan services =============================
17:02:39.0571 6544 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
17:02:39.0603 6544 !SASCORE - ok
17:02:39.0636 6544 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:02:39.0647 6544 1394ohci - ok
17:02:39.0652 6544 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:02:39.0661 6544 ACPI - ok
17:02:39.0664 6544 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:02:39.0674 6544 AcpiPmi - ok
17:02:39.0680 6544 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
17:02:39.0692 6544 adp94xx - ok
17:02:39.0697 6544 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
17:02:39.0707 6544 adpahci - ok
17:02:39.0711 6544 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
17:02:39.0719 6544 adpu320 - ok
17:02:39.0723 6544 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:02:39.0746 6544 AeLookupSvc - ok
17:02:39.0753 6544 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
17:02:39.0763 6544 AFD - ok
17:02:39.0766 6544 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:02:39.0774 6544 agp440 - ok
17:02:39.0776 6544 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
17:02:39.0785 6544 ALG - ok
17:02:39.0787 6544 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
17:02:39.0794 6544 aliide - ok
17:02:39.0796 6544 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
17:02:39.0803 6544 amdide - ok
17:02:39.0805 6544 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:02:39.0814 6544 AmdK8 - ok
17:02:39.0816 6544 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:02:39.0823 6544 AmdPPM - ok
17:02:39.0826 6544 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:02:39.0834 6544 amdsata - ok
17:02:39.0838 6544 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
17:02:39.0846 6544 amdsbs - ok
17:02:39.0849 6544 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:02:39.0856 6544 amdxata - ok
17:02:39.0858 6544 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
17:02:39.0879 6544 AppID - ok
17:02:39.0882 6544 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:02:39.0904 6544 AppIDSvc - ok
17:02:39.0907 6544 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
17:02:39.0928 6544 Appinfo - ok
17:02:39.0932 6544 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
17:02:39.0939 6544 arc - ok
17:02:39.0942 6544 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:02:39.0950 6544 arcsas - ok
17:02:39.0952 6544 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:02:39.0973 6544 AsyncMac - ok
17:02:39.0976 6544 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
17:02:39.0983 6544 atapi - ok
17:02:39.0992 6544 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:02:40.0017 6544 AudioEndpointBuilder - ok
17:02:40.0025 6544 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:02:40.0050 6544 AudioSrv - ok
17:02:40.0055 6544 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:02:40.0067 6544 AxInstSV - ok
17:02:40.0073 6544 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
17:02:40.0086 6544 b06bdrv - ok
17:02:40.0092 6544 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:02:40.0101 6544 b57nd60a - ok
17:02:40.0105 6544 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
17:02:40.0116 6544 BDESVC - ok
17:02:40.0119 6544 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
17:02:40.0148 6544 Beep - ok
17:02:40.0157 6544 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
17:02:40.0185 6544 BFE - ok
17:02:40.0195 6544 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
17:02:40.0227 6544 BITS - ok
17:02:40.0229 6544 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:02:40.0236 6544 blbdrive - ok
17:02:40.0240 6544 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:02:40.0247 6544 bowser - ok
17:02:40.0249 6544 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:02:40.0258 6544 BrFiltLo - ok
17:02:40.0260 6544 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:02:40.0269 6544 BrFiltUp - ok
17:02:40.0272 6544 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
17:02:40.0294 6544 BridgeMP - ok
17:02:40.0298 6544 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
17:02:40.0305 6544 Browser - ok
17:02:40.0310 6544 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:02:40.0319 6544 Brserid - ok
17:02:40.0322 6544 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:02:40.0335 6544 BrSerWdm - ok
17:02:40.0337 6544 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:02:40.0346 6544 BrUsbMdm - ok
17:02:40.0348 6544 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:02:40.0355 6544 BrUsbSer - ok
17:02:40.0358 6544 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:02:40.0367 6544 BTHMODEM - ok
17:02:40.0371 6544 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
17:02:40.0394 6544 bthserv - ok
17:02:40.0396 6544 catchme - ok
17:02:40.0399 6544 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:02:40.0422 6544 cdfs - ok
17:02:40.0425 6544 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
17:02:40.0434 6544 cdrom - ok
17:02:40.0437 6544 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
17:02:40.0459 6544 CertPropSvc - ok
17:02:40.0461 6544 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:02:40.0471 6544 circlass - ok
17:02:40.0476 6544 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
17:02:40.0487 6544 CLFS - ok
17:02:40.0492 6544 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:02:40.0498 6544 clr_optimization_v2.0.50727_32 - ok
17:02:40.0503 6544 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:02:40.0509 6544 clr_optimization_v2.0.50727_64 - ok
17:02:40.0515 6544 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:02:40.0522 6544 clr_optimization_v4.0.30319_32 - ok
17:02:40.0528 6544 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:02:40.0534 6544 clr_optimization_v4.0.30319_64 - ok
17:02:40.0537 6544 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:02:40.0544 6544 CmBatt - ok
17:02:40.0546 6544 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:02:40.0553 6544 cmdide - ok
17:02:40.0559 6544 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
17:02:40.0575 6544 CNG - ok
17:02:40.0577 6544 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:02:40.0584 6544 Compbatt - ok
17:02:40.0587 6544 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
17:02:40.0595 6544 CompositeBus - ok
17:02:40.0597 6544 COMSysApp - ok
17:02:40.0600 6544 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:02:40.0607 6544 crcdisk - ok
17:02:40.0611 6544 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
17:02:40.0613 6544 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
17:02:40.0613 6544 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
17:02:40.0616 6544 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
17:02:40.0618 6544 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
17:02:40.0618 6544 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
17:02:40.0623 6544 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:02:40.0631 6544 CryptSvc - ok
17:02:40.0636 6544 [ 7DAA33AAEE034AE62EF631A3F13A027B ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
17:02:40.0640 6544 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
17:02:40.0640 6544 CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
17:02:40.0648 6544 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:02:40.0673 6544 DcomLaunch - ok
17:02:40.0677 6544 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
17:02:40.0701 6544 defragsvc - ok
17:02:40.0704 6544 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:02:40.0727 6544 DfsC - ok
17:02:40.0732 6544 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
17:02:40.0741 6544 Dhcp - ok
17:02:40.0744 6544 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
17:02:40.0766 6544 discache - ok
17:02:40.0769 6544 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:02:40.0776 6544 Disk - ok
17:02:40.0780 6544 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:02:40.0788 6544 Dnscache - ok
17:02:40.0793 6544 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
17:02:40.0815 6544 dot3svc - ok
17:02:40.0819 6544 [ B42ED0320C6E41102FDE0005154849BB ] dot4 C:\Windows\system32\DRIVERS\Dot4.sys
17:02:40.0829 6544 dot4 - ok
17:02:40.0832 6544 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys
17:02:40.0841 6544 Dot4Print - ok
17:02:40.0843 6544 [ 488669CD1CD3BDCFDD9A5FDA72209069 ] Dot4Scan C:\Windows\system32\DRIVERS\Dot4Scan.sys
17:02:40.0852 6544 Dot4Scan - ok
17:02:40.0855 6544 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
17:02:40.0864 6544 dot4usb - ok
17:02:40.0867 6544 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
17:02:40.0890 6544 DPS - ok
17:02:40.0892 6544 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:02:40.0901 6544 drmkaud - ok
17:02:40.0912 6544 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:02:40.0927 6544 DXGKrnl - ok
17:02:40.0933 6544 [ 1F20AEAAD1BE0121647257235B788224 ] e1yexpress C:\Windows\system32\DRIVERS\e1y62x64.sys
17:02:40.0943 6544 e1yexpress - ok
17:02:40.0946 6544 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
17:02:40.0969 6544 EapHost - ok
17:02:41.0001 6544 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
17:02:41.0029 6544 ebdrv - ok
17:02:41.0032 6544 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
17:02:41.0041 6544 EFS - ok
17:02:41.0049 6544 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:02:41.0061 6544 ehRecvr - ok
17:02:41.0064 6544 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
17:02:41.0072 6544 ehSched - ok
17:02:41.0080 6544 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:02:41.0091 6544 elxstor - ok
17:02:41.0093 6544 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:02:41.0101 6544 ErrDev - ok
17:02:41.0109 6544 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
17:02:41.0133 6544 EventSystem - ok
17:02:41.0137 6544 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
17:02:41.0161 6544 exfat - ok
17:02:41.0165 6544 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:02:41.0188 6544 fastfat - ok
17:02:41.0196 6544 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
17:02:41.0208 6544 Fax - ok
17:02:41.0210 6544 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:02:41.0217 6544 fdc - ok
17:02:41.0220 6544 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
17:02:41.0242 6544 fdPHost - ok
17:02:41.0244 6544 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
17:02:41.0266 6544 FDResPub - ok
17:02:41.0268 6544 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:02:41.0276 6544 FileInfo - ok
17:02:41.0278 6544 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:02:41.0301 6544 Filetrace - ok
17:02:41.0312 6544 [ 8669BE94F63944E4F899C3950B520241 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:02:41.0326 6544 FLEXnet Licensing Service - ok
17:02:41.0328 6544 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:02:41.0335 6544 flpydisk - ok
17:02:41.0340 6544 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:02:41.0350 6544 FltMgr - ok
17:02:41.0363 6544 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
17:02:41.0377 6544 FontCache - ok
17:02:41.0379 6544 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:02:41.0385 6544 FontCache3.0.0.0 - ok
17:02:41.0388 6544 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:02:41.0395 6544 FsDepends - ok
17:02:41.0399 6544 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
17:02:41.0405 6544 fssfltr - ok
17:02:41.0422 6544 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
17:02:41.0441 6544 fsssvc - ok
17:02:41.0443 6544 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:02:41.0450 6544 Fs_Rec - ok
17:02:41.0454 6544 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:02:41.0465 6544 fvevol - ok
17:02:41.0468 6544 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:02:41.0475 6544 gagp30kx - ok
17:02:41.0484 6544 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
17:02:41.0510 6544 gpsvc - ok
17:02:41.0514 6544 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:02:41.0520 6544 gupdate - ok
17:02:41.0523 6544 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:02:41.0528 6544 gupdatem - ok
17:02:41.0532 6544 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
17:02:41.0539 6544 gusvc - ok
17:02:41.0541 6544 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:02:41.0548 6544 hcw85cir - ok
17:02:41.0553 6544 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:02:41.0563 6544 HdAudAddService - ok
17:02:41.0566 6544 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
17:02:41.0576 6544 HDAudBus - ok
17:02:41.0578 6544 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:02:41.0585 6544 HidBatt - ok
17:02:41.0588 6544 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:02:41.0597 6544 HidBth - ok
17:02:41.0600 6544 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:02:41.0609 6544 HidIr - ok
17:02:41.0611 6544 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
17:02:41.0633 6544 hidserv - ok
17:02:41.0636 6544 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
17:02:41.0643 6544 HidUsb - ok
17:02:41.0646 6544 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:02:41.0668 6544 hkmsvc - ok
17:02:41.0672 6544 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:02:41.0681 6544 HomeGroupListener - ok
17:02:41.0685 6544 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:02:41.0693 6544 HomeGroupProvider - ok
17:02:41.0696 6544 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:02:41.0704 6544 HpSAMD - ok
17:02:41.0713 6544 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:02:41.0738 6544 HTTP - ok
17:02:41.0740 6544 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:02:41.0747 6544 hwpolicy - ok
17:02:41.0750 6544 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
17:02:41.0758 6544 i8042prt - ok
17:02:41.0764 6544 [ D02E3EB6D8D7057FBACBA5D5D0706A6C ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
17:02:41.0772 6544 IAANTMON - ok
17:02:41.0778 6544 [ F5E2B2BF30AD82F6DFC16EB446840AB7 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
17:02:41.0787 6544 iaStor - ok
17:02:41.0792 6544 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:02:41.0802 6544 iaStorV - ok
17:02:41.0812 6544 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:02:41.0824 6544 idsvc - ok
17:02:41.0827 6544 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:02:41.0834 6544 iirsp - ok
17:02:41.0845 6544 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
17:02:41.0872 6544 IKEEXT - ok
17:02:41.0875 6544 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
17:02:41.0882 6544 intelide - ok
17:02:41.0885 6544 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:02:41.0892 6544 intelppm - ok
17:02:41.0895 6544 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:02:41.0919 6544 IPBusEnum - ok
17:02:41.0922 6544 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:02:41.0943 6544 IpFilterDriver - ok
17:02:41.0950 6544 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:02:41.0961 6544 iphlpsvc - ok
17:02:41.0964 6544 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:02:41.0972 6544 IPMIDRV - ok
17:02:41.0975 6544 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:02:41.0998 6544 IPNAT - ok
17:02:42.0000 6544 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:02:42.0010 6544 IRENUM - ok
17:02:42.0012 6544 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:02:42.0020 6544 isapnp - ok
17:02:42.0024 6544 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:02:42.0033 6544 iScsiPrt - ok
17:02:42.0036 6544 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
17:02:42.0043 6544 kbdclass - ok
17:02:42.0045 6544 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
17:02:42.0053 6544 kbdhid - ok
17:02:42.0055 6544 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
17:02:42.0062 6544 KeyIso - ok
17:02:42.0065 6544 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:02:42.0073 6544 KSecDD - ok
17:02:42.0076 6544 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:02:42.0084 6544 KSecPkg - ok
17:02:42.0087 6544 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:02:42.0109 6544 ksthunk - ok
17:02:42.0114 6544 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
17:02:42.0138 6544 KtmRm - ok
17:02:42.0142 6544 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
17:02:42.0165 6544 LanmanServer - ok
17:02:42.0169 6544 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:02:42.0191 6544 LanmanWorkstation - ok
17:02:42.0197 6544 [ 7447F069CE66633DAFA0B2DEEE7AF5BA ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
17:02:42.0205 6544 LBTServ - ok
17:02:42.0209 6544 [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys
17:02:42.0214 6544 LGBusEnum - ok
17:02:42.0216 6544 [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys
17:02:42.0221 6544 LGVirHid - ok
17:02:42.0223 6544 [ 0A7D6ED578D85F0C35353424EE3F5245 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
17:02:42.0228 6544 LHidFilt - ok
17:02:42.0231 6544 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:02:42.0253 6544 lltdio - ok
17:02:42.0257 6544 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:02:42.0281 6544 lltdsvc - ok
17:02:42.0284 6544 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:02:42.0305 6544 lmhosts - ok
17:02:42.0308 6544 [ 6542E2E6DB58118FBB1B82A68CE3AFF9 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
17:02:42.0313 6544 LMouFilt - ok
17:02:42.0316 6544 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:02:42.0324 6544 LSI_FC - ok
17:02:42.0327 6544 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:02:42.0335 6544 LSI_SAS - ok
17:02:42.0338 6544 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:02:42.0345 6544 LSI_SAS2 - ok
17:02:42.0348 6544 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:02:42.0356 6544 LSI_SCSI - ok
17:02:42.0358 6544 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
17:02:42.0381 6544 luafv - ok
17:02:42.0383 6544 lxcf_device - ok
17:02:42.0386 6544 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
17:02:42.0391 6544 MBAMProtector - ok
17:02:42.0397 6544 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:02:42.0405 6544 MBAMScheduler - ok
17:02:42.0413 6544 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:02:42.0423 6544 MBAMService - ok
17:02:42.0426 6544 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:02:42.0434 6544 Mcx2Svc - ok
17:02:42.0437 6544 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:02:42.0444 6544 megasas - ok
17:02:42.0448 6544 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:02:42.0458 6544 MegaSR - ok
17:02:42.0461 6544 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
17:02:42.0483 6544 MMCSS - ok
17:02:42.0485 6544 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
17:02:42.0507 6544 Modem - ok
17:02:42.0510 6544 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:02:42.0519 6544 monitor - ok
17:02:42.0521 6544 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
17:02:42.0528 6544 mouclass - ok
17:02:42.0530 6544 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:02:42.0537 6544 mouhid - ok
17:02:42.0540 6544 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:02:42.0548 6544 mountmgr - ok
17:02:42.0552 6544 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
17:02:42.0561 6544 MpFilter - ok
17:02:42.0565 6544 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
17:02:42.0573 6544 mpio - ok
17:02:42.0577 6544 [ 0EBB390B7AEEC45EC061D9870A34FD42 ] MpKsl38eb38db C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D7C5C382-7E1D-4394-86F6-224F2914578C}\MpKsl38eb38db.sys
17:02:42.0583 6544 MpKsl38eb38db - ok
17:02:42.0585 6544 [ 0EBB390B7AEEC45EC061D9870A34FD42 ] MpKsl996fa243 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D7C5C382-7E1D-4394-86F6-224F2914578C}\MpKsl996fa243.sys
17:02:42.0590 6544 MpKsl996fa243 - ok
17:02:42.0593 6544 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:02:42.0614 6544 mpsdrv - ok
17:02:42.0624 6544 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:02:42.0651 6544 MpsSvc - ok
17:02:42.0654 6544 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:02:42.0665 6544 MRxDAV - ok
17:02:42.0669 6544 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:02:42.0677 6544 mrxsmb - ok
17:02:42.0682 6544 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:02:42.0690 6544 mrxsmb10 - ok
17:02:42.0694 6544 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:02:42.0701 6544 mrxsmb20 - ok
17:02:42.0703 6544 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
17:02:42.0710 6544 msahci - ok
17:02:42.0713 6544 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:02:42.0721 6544 msdsm - ok
17:02:42.0724 6544 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
17:02:42.0733 6544 MSDTC - ok
17:02:42.0737 6544 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:02:42.0759 6544 Msfs - ok
17:02:42.0760 6544 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:02:42.0782 6544 mshidkmdf - ok
17:02:42.0784 6544 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:02:42.0791 6544 msisadrv - ok
17:02:42.0794 6544 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:02:42.0817 6544 MSiSCSI - ok
17:02:42.0819 6544 msiserver - ok
17:02:42.0822 6544 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:02:42.0843 6544 MSKSSRV - ok
17:02:42.0845 6544 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
17:02:42.0853 6544 MsMpSvc - ok
17:02:42.0854 6544 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:02:42.0876 6544 MSPCLOCK - ok
17:02:42.0878 6544 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:02:42.0900 6544 MSPQM - ok
17:02:42.0906 6544 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:02:42.0916 6544 MsRPC - ok
17:02:42.0919 6544 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
17:02:42.0926 6544 mssmbios - ok
17:02:42.0928 6544 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:02:42.0949 6544 MSTEE - ok
17:02:42.0952 6544 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:02:42.0959 6544 MTConfig - ok
17:02:42.0961 6544 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
17:02:42.0966 6544 MTsensor - ok
17:02:42.0969 6544 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
17:02:42.0976 6544 Mup - ok
17:02:42.0981 6544 [ 8DB5861A8DB19ABAF430FCD001EF5E93 ] mv91xx C:\Windows\system32\DRIVERS\mv91xx.sys
17:02:42.0988 6544 mv91xx - ok
17:02:42.0995 6544 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
17:02:43.0019 6544 napagent - ok
17:02:43.0024 6544 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:02:43.0036 6544 NativeWifiP - ok
17:02:43.0046 6544 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:02:43.0062 6544 NDIS - ok
17:02:43.0064 6544 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:02:43.0086 6544 NdisCap - ok
17:02:43.0088 6544 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:02:43.0110 6544 NdisTapi - ok
17:02:43.0113 6544 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:02:43.0134 6544 Ndisuio - ok
17:02:43.0138 6544 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:02:43.0159 6544 NdisWan - ok
17:02:43.0162 6544 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:02:43.0184 6544 NDProxy - ok
17:02:43.0186 6544 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:02:43.0209 6544 NetBIOS - ok
17:02:43.0213 6544 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:02:43.0235 6544 NetBT - ok
17:02:43.0238 6544 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
17:02:43.0245 6544 Netlogon - ok
17:02:43.0250 6544 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
17:02:43.0274 6544 Netman - ok
17:02:43.0281 6544 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
17:02:43.0306 6544 netprofm - ok
17:02:43.0309 6544 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:02:43.0315 6544 NetTcpPortSharing - ok
17:02:43.0318 6544 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:02:43.0326 6544 nfrd960 - ok
17:02:43.0329 6544 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:02:43.0335 6544 NisDrv - ok
17:02:43.0339 6544 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
17:02:43.0348 6544 NisSrv - ok
17:02:43.0353 6544 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:02:43.0361 6544 NlaSvc - ok
17:02:43.0364 6544 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:02:43.0385 6544 Npfs - ok
17:02:43.0388 6544 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
17:02:43.0410 6544 nsi - ok
17:02:43.0412 6544 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:02:43.0434 6544 nsiproxy - ok
17:02:43.0451 6544 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:02:43.0477 6544 Ntfs - ok
17:02:43.0480 6544 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
17:02:43.0501 6544 Null - ok
17:02:43.0504 6544 [ 8EBCB9165EE7F1571842F4D9D624A74C ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
17:02:43.0510 6544 nusb3hub - ok
17:02:43.0514 6544 [ 5D54DBB12BBFE07CC283FD39F2CD6D63 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
17:02:43.0520 6544 nusb3xhc - ok
17:02:43.0524 6544 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
17:02:43.0532 6544 NVHDA - ok
17:02:43.0648 6544 [ FE2909F7DFB12B9A20AD207FE23B7E96 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:02:43.0756 6544 nvlddmkm - ok
17:02:43.0761 6544 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:02:43.0769 6544 nvraid - ok
17:02:43.0772 6544 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:02:43.0780 6544 nvstor - ok
17:02:43.0790 6544 [ 3341D2C91989BC87C3C0BAA97C27253B ] nvsvc C:\Windows\system32\nvvsvc.exe
17:02:43.0803 6544 nvsvc - ok
17:02:43.0816 6544 [ 551CE34DAD2DFF0A480781E68B286E4D ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:02:43.0832 6544 nvUpdatusService - ok
17:02:43.0836 6544 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:02:43.0843 6544 nv_agp - ok
17:02:43.0846 6544 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:02:43.0853 6544 ohci1394 - ok
17:02:43.0859 6544 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:02:43.0868 6544 p2pimsvc - ok
17:02:43.0875 6544 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
17:02:43.0885 6544 p2psvc - ok
17:02:43.0888 6544 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:02:43.0895 6544 Parport - ok
17:02:43.0898 6544 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:02:43.0906 6544 partmgr - ok
17:02:43.0909 6544 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:02:43.0921 6544 PcaSvc - ok
17:02:43.0925 6544 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
17:02:43.0933 6544 pci - ok
17:02:43.0935 6544 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
17:02:43.0942 6544 pciide - ok
17:02:43.0946 6544 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:02:43.0955 6544 pcmcia - ok
17:02:43.0958 6544 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
17:02:43.0965 6544 pcw - ok
17:02:43.0973 6544 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:02:43.0999 6544 PEAUTH - ok
17:02:44.0018 6544 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:02:44.0026 6544 PerfHost - ok
17:02:44.0043 6544 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
17:02:44.0073 6544 pla - ok
17:02:44.0079 6544 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:02:44.0089 6544 PlugPlay - ok
17:02:44.0092 6544 PnkBstrA - ok
17:02:44.0094 6544 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:02:44.0102 6544 PNRPAutoReg - ok
17:02:44.0107 6544 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:02:44.0116 6544 PNRPsvc - ok
17:02:44.0123 6544 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:02:44.0148 6544 PolicyAgent - ok
17:02:44.0152 6544 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
17:02:44.0176 6544 Power - ok
17:02:44.0179 6544 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:02:44.0201 6544 PptpMiniport - ok
17:02:44.0203 6544 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:02:44.0211 6544 Processor - ok
17:02:44.0214 6544 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
17:02:44.0223 6544 ProfSvc - ok
17:02:44.0225 6544 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:02:44.0232 6544 ProtectedStorage - ok
17:02:44.0235 6544 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:02:44.0257 6544 Psched - ok
17:02:44.0274 6544 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
17:02:44.0294 6544 ql2300 - ok
17:02:44.0298 6544 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
17:02:44.0305 6544 ql40xx - ok
17:02:44.0310 6544 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
17:02:44.0321 6544 QWAVE - ok
17:02:44.0324 6544 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:02:44.0334 6544 QWAVEdrv - ok
17:02:44.0336 6544 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:02:44.0358 6544 RasAcd - ok
17:02:44.0361 6544 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:02:44.0382 6544 RasAgileVpn - ok
17:02:44.0385 6544 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
17:02:44.0408 6544 RasAuto - ok
17:02:44.0411 6544 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:02:44.0433 6544 Rasl2tp - ok
17:02:44.0438 6544 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
17:02:44.0462 6544 RasMan - ok
17:02:44.0465 6544 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:02:44.0487 6544 RasPppoe - ok
17:02:44.0490 6544 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:02:44.0511 6544 RasSstp - ok
17:02:44.0517 6544 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:02:44.0540 6544 rdbss - ok

Tiggy
Intermediate
Intermediate

Status :
Online
Offline

Posts : 67
Joined : 2009-01-13
OS : Windows 7 64bit

View user profile

Back to top Go down

Solved Re: Tojan Agents on Computer

Post by Tiggy on Sat Dec 29, 2012 10:19 pm

17:02:44.0542 6544 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:02:44.0551 6544 rdpbus - ok
17:02:44.0556 6544 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:02:44.0577 6544 RDPCDD - ok
17:02:44.0581 6544 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:02:44.0602 6544 RDPENCDD - ok
17:02:44.0605 6544 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:02:44.0626 6544 RDPREFMP - ok
17:02:44.0630 6544 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:02:44.0638 6544 RDPWD - ok
17:02:44.0642 6544 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:02:44.0651 6544 rdyboost - ok
17:02:44.0654 6544 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:02:44.0677 6544 RemoteAccess - ok
17:02:44.0680 6544 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:02:44.0703 6544 RemoteRegistry - ok
17:02:44.0705 6544 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:02:44.0728 6544 RpcEptMapper - ok
17:02:44.0730 6544 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
17:02:44.0738 6544 RpcLocator - ok
17:02:44.0745 6544 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
17:02:44.0769 6544 RpcSs - ok
17:02:44.0772 6544 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:02:44.0794 6544 rspndr - ok
17:02:44.0796 6544 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
17:02:44.0803 6544 SamSs - ok
17:02:44.0806 6544 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
17:02:44.0811 6544 SASDIFSV - ok
17:02:44.0812 6544 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
17:02:44.0817 6544 SASKUTIL - ok
17:02:44.0820 6544 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:02:44.0827 6544 sbp2port - ok
17:02:44.0832 6544 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:02:44.0855 6544 SCardSvr - ok
17:02:44.0857 6544 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:02:44.0878 6544 scfilter - ok
17:02:44.0891 6544 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
17:02:44.0919 6544 Schedule - ok
17:02:44.0922 6544 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
17:02:44.0943 6544 SCPolicySvc - ok
17:02:44.0947 6544 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:02:44.0955 6544 SDRSVC - ok
17:02:44.0958 6544 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:02:44.0979 6544 secdrv - ok
17:02:44.0981 6544 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
17:02:45.0003 6544 seclogon - ok
17:02:45.0006 6544 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
17:02:45.0029 6544 SENS - ok
17:02:45.0031 6544 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:02:45.0039 6544 SensrSvc - ok
17:02:45.0041 6544 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:02:45.0048 6544 Serenum - ok
17:02:45.0052 6544 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:02:45.0059 6544 Serial - ok
17:02:45.0061 6544 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
17:02:45.0068 6544 sermouse - ok
17:02:45.0074 6544 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
17:02:45.0097 6544 SessionEnv - ok
17:02:45.0099 6544 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:02:45.0108 6544 sffdisk - ok
17:02:45.0110 6544 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:02:45.0119 6544 sffp_mmc - ok
17:02:45.0121 6544 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:02:45.0129 6544 sffp_sd - ok
17:02:45.0131 6544 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
17:02:45.0138 6544 sfloppy - ok
17:02:45.0143 6544 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:02:45.0167 6544 SharedAccess - ok
17:02:45.0173 6544 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:02:45.0196 6544 ShellHWDetection - ok
17:02:45.0199 6544 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:02:45.0206 6544 SiSRaid2 - ok
17:02:45.0209 6544 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
17:02:45.0216 6544 SiSRaid4 - ok
17:02:45.0219 6544 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:02:45.0240 6544 Smb - ok
17:02:45.0245 6544 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:02:45.0253 6544 SNMPTRAP - ok
17:02:45.0255 6544 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
17:02:45.0262 6544 spldr - ok
17:02:45.0269 6544 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
17:02:45.0279 6544 Spooler - ok
17:02:45.0314 6544 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
17:02:45.0357 6544 sppsvc - ok
17:02:45.0361 6544 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:02:45.0383 6544 sppuinotify - ok
17:02:45.0390 6544 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
17:02:45.0400 6544 srv - ok
17:02:45.0406 6544 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:02:45.0415 6544 srv2 - ok
17:02:45.0419 6544 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:02:45.0427 6544 srvnet - ok
17:02:45.0431 6544 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:02:45.0454 6544 SSDPSRV - ok
17:02:45.0457 6544 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:02:45.0480 6544 SstpSvc - ok
17:02:45.0482 6544 Steam Client Service - ok
17:02:45.0488 6544 [ 0632004181860960CF6E10DE8DDEF78B ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:02:45.0496 6544 Stereo Service - ok
17:02:45.0499 6544 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
17:02:45.0506 6544 stexstor - ok
17:02:45.0513 6544 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
17:02:45.0528 6544 stisvc - ok
17:02:45.0530 6544 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
17:02:45.0537 6544 swenum - ok
17:02:45.0543 6544 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
17:02:45.0569 6544 swprv - ok
17:02:45.0586 6544 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
17:02:45.0608 6544 SysMain - ok
17:02:45.0611 6544 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:02:45.0622 6544 TabletInputService - ok
17:02:45.0627 6544 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:02:45.0650 6544 TapiSrv - ok
17:02:45.0653 6544 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
17:02:45.0675 6544 TBS - ok
17:02:45.0694 6544 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:02:45.0722 6544 Tcpip - ok
17:02:45.0740 6544 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:02:45.0764 6544 TCPIP6 - ok
17:02:45.0768 6544 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:02:45.0775 6544 tcpipreg - ok
17:02:45.0778 6544 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:02:45.0785 6544 TDPIPE - ok
17:02:45.0788 6544 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:02:45.0795 6544 TDTCP - ok
17:02:45.0798 6544 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:02:45.0819 6544 tdx - ok
17:02:45.0822 6544 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
17:02:45.0829 6544 TermDD - ok
17:02:45.0837 6544 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
17:02:45.0862 6544 TermService - ok
17:02:45.0865 6544 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
17:02:45.0876 6544 Themes - ok
17:02:45.0878 6544 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
17:02:45.0900 6544 THREADORDER - ok
17:02:45.0904 6544 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
17:02:45.0927 6544 TrkWks - ok
17:02:45.0931 6544 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:02:45.0952 6544 TrustedInstaller - ok
17:02:45.0956 6544 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:02:45.0977 6544 tssecsrv - ok
17:02:45.0980 6544 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:02:45.0987 6544 TsUsbFlt - ok
17:02:45.0990 6544 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:02:46.0012 6544 tunnel - ok
17:02:46.0014 6544 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
17:02:46.0022 6544 uagp35 - ok
17:02:46.0027 6544 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:02:46.0050 6544 udfs - ok
17:02:46.0054 6544 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:02:46.0063 6544 UI0Detect - ok
17:02:46.0065 6544 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:02:46.0073 6544 uliagpkx - ok
17:02:46.0075 6544 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:02:46.0083 6544 umbus - ok
17:02:46.0085 6544 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
17:02:46.0093 6544 UmPass - ok
17:02:46.0099 6544 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
17:02:46.0123 6544 upnphost - ok
17:02:46.0127 6544 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
17:02:46.0137 6544 usbaudio - ok
17:02:46.0139 6544 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:02:46.0147 6544 usbccgp - ok
17:02:46.0150 6544 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:02:46.0159 6544 usbcir - ok
17:02:46.0162 6544 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:02:46.0169 6544 usbehci - ok
17:02:46.0174 6544 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:02:46.0183 6544 usbhub - ok
17:02:46.0185 6544 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:02:46.0192 6544 usbohci - ok
17:02:46.0195 6544 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:02:46.0204 6544 usbprint - ok
17:02:46.0207 6544 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:02:46.0214 6544 USBSTOR - ok
17:02:46.0216 6544 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
17:02:46.0224 6544 usbuhci - ok
17:02:46.0226 6544 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
17:02:46.0249 6544 UxSms - ok
17:02:46.0251 6544 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
17:02:46.0258 6544 VaultSvc - ok
17:02:46.0260 6544 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:02:46.0268 6544 vdrvroot - ok
17:02:46.0275 6544 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
17:02:46.0299 6544 vds - ok
17:02:46.0302 6544 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:02:46.0311 6544 vga - ok
17:02:46.0313 6544 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
17:02:46.0335 6544 VgaSave - ok
17:02:46.0339 6544 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:02:46.0348 6544 vhdmp - ok
17:02:46.0363 6544 [ 4BEEE85531BDF397F8AD755AC60ED521 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
17:02:46.0380 6544 VIAHdAudAddService - ok
17:02:46.0382 6544 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
17:02:46.0389 6544 viaide - ok
17:02:46.0392 6544 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:02:46.0399 6544 volmgr - ok
17:02:46.0405 6544 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:02:46.0415 6544 volmgrx - ok
17:02:46.0420 6544 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:02:46.0429 6544 volsnap - ok
17:02:46.0433 6544 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
17:02:46.0441 6544 vsmraid - ok
17:02:46.0458 6544 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
17:02:46.0489 6544 VSS - ok
17:02:46.0492 6544 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
17:02:46.0500 6544 vwifibus - ok
17:02:46.0506 6544 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
17:02:46.0530 6544 W32Time - ok
17:02:46.0534 6544 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
17:02:46.0541 6544 WacomPen - ok
17:02:46.0545 6544 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:02:46.0566 6544 WANARP - ok
17:02:46.0570 6544 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:02:46.0590 6544 Wanarpv6 - ok
17:02:46.0605 6544 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
17:02:46.0623 6544 WatAdminSvc - ok
17:02:46.0640 6544 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
17:02:46.0657 6544 wbengine - ok
17:02:46.0661 6544 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:02:46.0673 6544 WbioSrvc - ok
17:02:46.0678 6544 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:02:46.0691 6544 wcncsvc - ok
17:02:46.0694 6544 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:02:46.0702 6544 WcsPlugInService - ok
17:02:46.0704 6544 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
17:02:46.0711 6544 Wd - ok
17:02:46.0719 6544 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:02:46.0734 6544 Wdf01000 - ok
17:02:46.0737 6544 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:02:46.0751 6544 WdiServiceHost - ok
17:02:46.0753 6544 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:02:46.0765 6544 WdiSystemHost - ok
17:02:46.0769 6544 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
17:02:46.0782 6544 WebClient - ok
17:02:46.0786 6544 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:02:46.0810 6544 Wecsvc - ok
17:02:46.0813 6544 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:02:46.0836 6544 wercplsupport - ok
17:02:46.0839 6544 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
17:02:46.0862 6544 WerSvc - ok
17:02:46.0864 6544 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:02:46.0885 6544 WfpLwf - ok
17:02:46.0888 6544 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:02:46.0895 6544 WIMMount - ok
17:02:46.0896 6544 WinDefend - ok
17:02:46.0899 6544 WinHttpAutoProxySvc - ok
17:02:46.0907 6544 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:02:46.0930 6544 Winmgmt - ok
17:02:46.0951 6544 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
17:02:46.0985 6544 WinRM - ok
17:02:46.0990 6544 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
17:02:46.0999 6544 WinUsb - ok
17:02:47.0009 6544 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
17:02:47.0024 6544 Wlansvc - ok
17:02:47.0027 6544 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:02:47.0032 6544 wlcrasvc - ok
17:02:47.0058 6544 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:02:47.0083 6544 wlidsvc - ok
17:02:47.0086 6544 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:02:47.0093 6544 WmiAcpi - ok
17:02:47.0098 6544 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:02:47.0107 6544 wmiApSrv - ok
17:02:47.0109 6544 WMPNetworkSvc - ok
17:02:47.0112 6544 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:02:47.0119 6544 WPCSvc - ok
17:02:47.0122 6544 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:02:47.0131 6544 WPDBusEnum - ok
17:02:47.0134 6544 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:02:47.0155 6544 ws2ifsl - ok
17:02:47.0159 6544 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
17:02:47.0169 6544 wscsvc - ok
17:02:47.0171 6544 WSearch - ok
17:02:47.0195 6544 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
17:02:47.0223 6544 wuauserv - ok
17:02:47.0226 6544 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:02:47.0234 6544 WudfPf - ok
17:02:47.0238 6544 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:02:47.0246 6544 WUDFRd - ok
17:02:47.0249 6544 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:02:47.0257 6544 wudfsvc - ok
17:02:47.0261 6544 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
17:02:47.0273 6544 WwanSvc - ok
17:02:47.0275 6544 ================ Scan global ===============================
17:02:47.0277 6544 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:02:47.0281 6544 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
17:02:47.0287 6544 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
17:02:47.0290 6544 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:02:47.0296 6544 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:02:47.0298 6544 [Global] - ok
17:02:47.0298 6544 ================ Scan MBR ==================================
17:02:47.0299 6544 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
17:02:47.0337 6544 Suspicious mbr (Forged): \Device\Harddisk1\DR1
17:02:47.0339 6544 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.c ) - infected
17:02:47.0339 6544 \Device\Harddisk1\DR1 - detected Rootkit.Boot.Pihar.c (0)
17:02:47.0357 6544 \Device\Harddisk1\DR1 ( TDSS File System ) - warning
17:02:47.0357 6544 \Device\Harddisk1\DR1 - detected TDSS File System (1)
17:02:47.0368 6544 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
17:02:47.0589 6544 \Device\Harddisk0\DR0 - ok
17:02:47.0589 6544 ================ Scan VBR ==================================
17:02:47.0592 6544 [ B2D15E043CD954176257529868615AF0 ] \Device\Harddisk1\DR1\Partition1
17:02:47.0593 6544 \Device\Harddisk1\DR1\Partition1 - ok
17:02:47.0596 6544 [ BC97A564443AC6A95168E1A4C467DFBF ] \Device\Harddisk1\DR1\Partition2
17:02:47.0597 6544 \Device\Harddisk1\DR1\Partition2 - ok
17:02:47.0600 6544 [ A20F21AC51ADF4F0719E7A15BBAE9DCC ] \Device\Harddisk0\DR0\Partition1
17:02:47.0601 6544 \Device\Harddisk0\DR0\Partition1 - ok
17:02:47.0602 6544 ============================================================
17:02:47.0602 6544 Scan finished
17:02:47.0602 6544 ============================================================
17:02:47.0611 5336 Detected object count: 5
17:02:47.0611 5336 Actual detected object count: 5
17:04:20.0460 5336 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:04:20.0460 5336 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:04:20.0460 5336 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:04:20.0460 5336 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:04:20.0461 5336 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
17:04:20.0461 5336 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:04:20.0898 5336 \Device\Harddisk1\DR1\# - copied to quarantine
17:04:20.0908 5336 \Device\Harddisk1\DR1 - copied to quarantine
17:04:22.0790 5336 \Device\Harddisk1\DR1\TDLFS\cmd.dll - copied to quarantine
17:04:22.0813 5336 \Device\Harddisk1\DR1\TDLFS\cmd64.dll - copied to quarantine
17:04:22.0833 5336 \Device\Harddisk1\DR1\TDLFS\drv32 - copied to quarantine
17:04:25.0150 5336 \Device\Harddisk1\DR1\TDLFS\drv64 - copied to quarantine
17:04:25.0159 5336 \Device\Harddisk1\DR1\TDLFS\servers.dat - copied to quarantine
17:04:25.0161 5336 \Device\Harddisk1\DR1\TDLFS\config.ini - copied to quarantine
17:04:25.0163 5336 \Device\Harddisk1\DR1\TDLFS\ldr16 - copied to quarantine
17:04:25.0279 5336 \Device\Harddisk1\DR1\TDLFS\ldr32 - copied to quarantine
17:04:25.0289 5336 \Device\Harddisk1\DR1\TDLFS\ldr64 - copied to quarantine
17:04:25.0295 5336 \Device\Harddisk1\DR1\TDLFS\s - copied to quarantine
17:04:25.0297 5336 \Device\Harddisk1\DR1\TDLFS\ldrm - copied to quarantine
17:04:25.0337 5336 \Device\Harddisk1\DR1\TDLFS\u - copied to quarantine
17:04:25.0342 5336 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
17:04:25.0343 5336 \Device\Harddisk1\DR1 - ok
17:04:55.0748 5336 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
17:04:55.0749 5336 \Device\Harddisk1\DR1 ( TDSS File System ) - skipped by user
17:04:55.0749 5336 \Device\Harddisk1\DR1 ( TDSS File System ) - User select action: Skip
17:05:20.0442 4144 Deinitialize success

Tiggy
Intermediate
Intermediate

Status :
Online
Offline

Posts : 67
Joined : 2009-01-13
OS : Windows 7 64bit

View user profile

Back to top Go down

Solved Re: Tojan Agents on Computer

Post by Dr Jay on Sun Dec 30, 2012 10:27 pm

Re-run TDSSKiller and delete the TDSS File System, please.

Hitman Pro

Please download [You must be registered and logged in to see this link.]


  • After the download completes please double click the program to run it.
  • Accept the terms of the license agreement and click Next
  • Let the scan run. It will not take long
  • When the scan finishes, and all the files have been uploaded to the Scan Cloud, click Next
  • Click Next again. At the bottom left you will see Export Scan Results To XML File. Click that and save it in a convenient location
  • Upload log.xml here for review please


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13711
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Solved Re: Tojan Agents on Computer

Post by Tiggy on Mon Dec 31, 2012 1:56 am

I ran TDSSKiller again but I did not see a delete option. Should I just delete the file itself or is it an uninstall option within the program that I should click on? Also should I remove ComboFix and OTL as well or are they ok to keep on the computer?


Here is the Hitman Pro Log:

Code:

HitmanPro 3.7.0.185
www.hitmanpro.com

  Computer name . . . . : MIKES-I7
  Windows . . . . . . . : 6.1.1.7601.X64/8
  User name . . . . . . : Mikes-i7\Mike
  UAC . . . . . . . . . : Enabled
  License . . . . . . . : Free

  Scan date . . . . . . : 2012-12-30 20:52:31
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 39s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : No

  Threats . . . . . . . : 0
  Traces  . . . . . . . : 20

  Objects scanned . . . : 1,125,317
  Files scanned . . . . : 14,804
  Remnants scanned  . . : 262,406 files / 848,107 keys

Suspicious files ____________________________________________________________

  C:\Users\Mike\AppData\Roaming\Ubisoft\Assassin's Creed Revelations\pb\pbcl.dll
      Size . . . . . . . : 950,066 bytes
      Age  . . . . . . . : 154.5 days (2012-07-29 09:52:39)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 688C585B1C3C825EB7BE30FC65AA831CAE38D78B14D002FB354B703B776A76FA
      Fuzzy  . . . . . . : 29.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.

  C:\Users\Mike\AppData\Roaming\Ubisoft\Assassin's Creed Revelations\pb\pbcls.dll
      Size . . . . . . . : 950,066 bytes
      Age  . . . . . . . : 154.5 days (2012-07-29 09:52:43)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 688C585B1C3C825EB7BE30FC65AA831CAE38D78B14D002FB354B703B776A76FA
      Fuzzy  . . . . . . : 29.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.


Potential Unwanted Programs _________________________________________________

  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7\ (AskBar)
  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8\ (AskBar)
  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01\ (AskBar)
  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED\ (AskBar)
  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472\ (AskBar)
  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296\ (AskBar)
  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888\ (AskBar)

Cookies _____________________________________________________________________

  C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Cookies\4Q04QGUL.txt
  C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Cookies\K3G8QBL2.txt
  C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Cookies\K61KDCTD.txt
  C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Cookies\LH3J4PQZ.txt
  C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Cookies\LIU0FHZY.txt
  C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Cookies\NLFY0N0B.txt
  C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Cookies\PREJ3HKW.txt
  C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Cookies\SKVI2KX1.txt
  C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Cookies\ULN332B7.txt
  C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Cookies\VGZCOZ7M.txt
  C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Cookies\WLP7KHEK.txt



Tiggy
Intermediate
Intermediate

Status :
Online
Offline

Posts : 67
Joined : 2009-01-13
OS : Windows 7 64bit

View user profile

Back to top Go down

Solved Re: Tojan Agents on Computer

Post by Dr Jay on Mon Dec 31, 2012 11:39 pm

ESET Online Scan

Please run a free online scan with the [You must be registered and logged in to see this link.]

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.



Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death


Note: Absence of issues does not mean that you're protected in the future.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13711
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Solved Re: Tojan Agents on Computer

Post by Tiggy on Tue Jan 01, 2013 12:17 pm

Here is the ESET Scan Log:



C:\TDSSKiller_Quarantine\29.12.2012_17.02.34\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AM trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.12.2012_17.02.34\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.RG trojan cleaned by deleting - quarantined
C:\Users\Mike\AppData\Local\ArmA 2 Free\Adobe\wdyszta.dll a variant of Win32/Kryptik.ARKO trojan cleaned by deleting - quarantined

Tiggy
Intermediate
Intermediate

Status :
Online
Offline

Posts : 67
Joined : 2009-01-13
OS : Windows 7 64bit

View user profile

Back to top Go down

Solved Re: Tojan Agents on Computer

Post by Dr Jay on Tue Jan 01, 2013 3:44 pm

Let me know of other issues, please...


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13711
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Solved Re: Tojan Agents on Computer

Post by Tiggy on Tue Jan 01, 2013 9:10 pm

My malware bytes, and windows essentials hasn't picked up on anything new. It would appear that the Trojans I had are gone. Thank you very much for your help.


Should I remove all the programs I downloaded: Combofix, HItmanPro, TDSSKiller, and OTL? And if so do I just simply click delete on them on the desktop or is there an uninstall for them?

Tiggy
Intermediate
Intermediate

Status :
Online
Offline

Posts : 67
Joined : 2009-01-13
OS : Windows 7 64bit

View user profile

Back to top Go down

Solved Re: Tojan Agents on Computer

Post by Dr Jay on Tue Jan 01, 2013 10:19 pm

Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point

  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advance System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name I.e. Clean
  • Select Create



Remove tools, temp files, old Restore Points

Please run [You must be registered and logged in to see this link.]
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :files
    ipconfig /flushdns /c

    :commands
    [CLEARALLRESTOREPOINTS]
    [emptyflash]
    [emptytemp]
    [emptyjava]
    [reboot]

  • Then click the Run Fix button at the top.
  • Note: The fix for OTL sometimes hides your Desktop and Start menu so the cleanup can be completed. Do not be alerted, as this is normal.
  • It may open a log for you, but I don't need that.


To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


Security Check

Please download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13711
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Solved Re: Tojan Agents on Computer

Post by Tiggy on Thu Jan 03, 2013 2:12 am

Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
JavaFX 2.1.0
Java(TM) 7 Update 4
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 8%
````````````````````End of Log``````````````````````

Tiggy
Intermediate
Intermediate

Status :
Online
Offline

Posts : 67
Joined : 2009-01-13
OS : Windows 7 64bit

View user profile

Back to top Go down

Solved Re: Tojan Agents on Computer

Post by Dr Jay on Thu Jan 03, 2013 3:47 pm

Java Update!

Please download the newest version of Java from [You must be registered and logged in to see this link.].

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

[You must be registered and logged in to see this link.]


Adobe Reader Update!

Please download the newest version of Adobe Acrobat Reader from [You must be registered and logged in to see this link.]

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.


Personal Tips on Preventing Malware

See [You must be registered and logged in to see this link.] for more info about malware and prevention.


Any other questions before I mark this topic solved?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13711
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Solved Re: Tojan Agents on Computer

Post by Tiggy on Fri Jan 04, 2013 4:16 am

I should be good for now. Thank you so much for all your help.

Tiggy
Intermediate
Intermediate

Status :
Online
Offline

Posts : 67
Joined : 2009-01-13
OS : Windows 7 64bit

View user profile

Back to top Go down

Solved Re: Tojan Agents on Computer

Post by Dr Jay on Fri Jan 04, 2013 9:56 am

You're welcome. Topic solved.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13711
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum