Cyber Tech Help Support Forums > Software > Malware Removal
#1
September 25th, 2011, 05:56 AM
Baysiide
New Member
Join Date: Sep 2011
Posts: 5
HijackThis Log

Hi... I've recently noticed I have a RAT on my computer. Please help me look over this log to see what is wrong because I have no idea what to look for :X

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:49:29 AM, on 9/25/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
C:\Users\Luke\AppData\Roaming\WinSec.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Luke\AppData\Local\Temp\36917.exe
F:\Virus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.odu.edu/cp/home/displaylogin
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: InnoGames International Toolbar - {942cd1d4-9cc1-4d31-876a-ea8f489f7a59} - C:\Program Files (x86)\InnoGames_International\prxtbInno.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110915103035.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: InnoGames International - {942cd1d4-9cc1-4d31-876a-ea8f489f7a59} - C:\Program Files (x86)\InnoGames_International\prxtbInno.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: SSOIEAddonBHO - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: InnoGames International Toolbar - {942cd1d4-9cc1-4d31-876a-ea8f489f7a59} - C:\Program Files (x86)\InnoGames_International\prxtbInno.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [OSD_LAUNCH] c:\Program Files (x86)\OSD\Launch.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Integrated Webcam Live! Central] "C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" /mode2
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WinDefend] C:\Users\Luke\AppData\Local\Temp\D8HQGQWQR3.exe
O4 - HKCU\..\Run: [WindowsFireWall] C:\Users\Luke\AppData\Local\Temp\/WindowsFireWall.exe
O4 - HKCU\..\Run: [msconfig] C:\Users\Luke\AppData\Roaming\Microsoft\System\Services\msconfig.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Luke\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O20 - Winlogon Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Alienware Fusion Service (AlienFusionService) - Alienware - C:\Program Files\Alienware\Command Center\AlienFusionService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: CyberLink Product - 2011/03/21 21:18:13 (CLKMSVC10_9EC60124) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FAService - Sensible Vision - C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe


#2
September 25th, 2011, 10:15 PM
Mosaic1
Malware Removal Team Advisor
Join Date: Jun 2001
Posts: 4,783
Hi Baysiide,

Welcome to Cybertech. You're infected.

You're running a 64-bit system. HijackThis is not the tool for you. Not only does it not show us enough information, but on 64-bit systems some of what you're seeing is incorrect. Let's run some better tools to get a better picture of your system. Please don't fix anything without my advice.

------------------------------------------------------------

Please follow these instructions in the order given. This is very important.
First you need to boot to safe mode with networking. Here's how:

Restart the computer.
Begin tapping the F8 key on your keyboard. Do so until the Windows Advanced Options menu appears.

Using the arrow keys on the keyboard, select Safe mode with networking and then press Enter.

Sign into your usual user profile.

Then run Hijackthis and scan. Check the boxes in front of the following items and then click the fix checked button.
Code:
O4 - HKCU\..\Run: [WinDefend] C:\Users\Luke\AppData\Local\Temp\D8HQGQWQR3.exe
O4 - HKCU\..\Run: [WindowsFireWall] C:\Users\Luke\AppData\Local\Temp\/WindowsFireWall.exe
O4 - HKCU\..\Run: [msconfig] C:\Users\Luke\AppData\Roaming\Microsoft\System\Services\msconfig.exe

Download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it (For Vista/Windows 7, right click the file and select: Run as Administrator)
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


-----------------------------


Click this link to download OldTimer's OTL to your desktop.
http://oldtimer.geekstogo.com/OTL.exe

Next, click OTL.exe to open the scan display.(Vista and windows7 Users, right click on OTL.exe and click on Run As Administrator) At the top check "Scan All Users", then click "Run Scan". Make no other changes at this time.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.

The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.

--------------------------

Are you running an Anti Virus program & a firewall? You should.


We'll need this anti virus scan to see what it finds: (It should find at least a few things)
Disable your antivirus program and go here and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan, or download the installer to run it in a different browser).
***For users running Windows Vista and Windows 7, right click on the Internet Explorer shortcut and then click Run as administrator to start a new instance of Internet Explorer. Use that browser session to go to the scan site. XP users, this doesn't apply. Just going to the site is enough.


Note: It is easiest if you use Internet explorer for this scan. (If you use an alternate browser, it will be necessary to download the ESET Smart Installer)
Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
After the scan is complete and you see Scan completed in the window, there will be a link labeled List of found threats. You want to click it. When that next page opens, you have a choice of copying to clipboard or exporting to text file. Choose export to text file. Name the file eset results.txt, save it on your desktop and post its contents into your next reply here.



***** Please do not restart your system until all these steps are finished.
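The three O4 entries singled out in the reply above share the tells a malware-removal helper looks for first: a binary launched from a user-writable directory (Temp, AppData\Roaming), a Run-key value name that borrows a Windows component's name (WinDefend, WindowsFireWall, msconfig) while the file sits nowhere near a system directory, and a random-looking filename. The following is an added example written for this page; it is not code from the thread, from HijackThis or from any of the tools linked above. It parses HijackThis O4 lines (the sample is copied from the posted log) and scores each autorun with those heuristics. The masquerade name list, the weights and the threshold are the editor's assumptions, not HijackThis features.

```python
"""Score HijackThis O4 (Run/RunOnce) lines for common autorun-malware tells.

Editor's example, not HijackThis code.  Name list, weights and the
threshold below are assumptions chosen to illustrate the triage.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: O4 lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WinDefend] C:\Users\Luke\AppData\Local\Temp\D8HQGQWQR3.exe
O4 - HKCU\..\Run: [WindowsFireWall] C:\Users\Luke\AppData\Local\Temp\/WindowsFireWall.exe
O4 - HKCU\..\Run: [msconfig] C:\Users\Luke\AppData\Roaming\Microsoft\System\Services\msconfig.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Luke\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"""

# Value names malware commonly borrows (assumed list; compared lowercase, alnum only).
MASQUERADE_NAMES = {
    "windefend", "windowsfirewall", "msconfig", "svchost", "explorer",
    "lsass", "csrss", "winlogon", "services", "wininit", "rundll32", "ctfmon",
}
# Where a legitimate autorun carrying one of those names would actually live.
SYSTEM_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)


@dataclass
class Finding:
    name: str
    hive: str
    key: str
    path: str
    reasons: list = field(default_factory=list)
    score: int = 0


def extract_path(cmd: str) -> str:
    """Pull the executable path out of a Run value's command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, arguments follow
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)(?:\s|$)", cmd, re.IGNORECASE)   # unquoted path up to .exe
    return m.group(1) if m else cmd.split(" ")[0]


def normalize(name: str) -> str:
    return re.sub(r"[^a-z0-9]", "", name.lower())


def assess(name: str, hive: str, key: str, path: str) -> Finding:
    f = Finding(name, hive, key, path)
    p = path.lower().replace("/", "\\")          # the log shows "Temp\/WindowsFireWall.exe"
    stem = re.sub(r"\.exe$", "", p.rsplit("\\", 1)[-1])
    if "\\temp\\" in p:
        f.reasons.append("runs from a Temp directory")
        f.score += 3
    elif "\\appdata\\roaming\\" in p:
        f.reasons.append("runs from AppData\\Roaming")
        f.score += 2
    elif "\\appdata\\local\\" in p:
        f.reasons.append("runs from AppData\\Local (user-writable)")
        f.score += 1
    if normalize(name) in MASQUERADE_NAMES and not p.startswith(SYSTEM_PREFIXES):
        f.reasons.append(f"value name '{name}' mimics a Windows component, binary is outside system dirs")
        f.score += 3
    # 8+ alphanumerics mixing letters and digits, e.g. D8HQGQWQR3: dropper-style name
    if re.fullmatch(r"[a-z0-9]{8,}", stem) and re.search(r"\d", stem) and re.search(r"[a-z]", stem):
        f.reasons.append(f"random-looking filename '{stem}'")
        f.score += 2
    return f


def triage(log_text: str) -> list:
    """Parse every O4 Run/RunOnce line; Global Startup lines are skipped."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            findings.append(assess(m["name"], m["hive"], m["key"], extract_path(m["cmd"])))
    return findings


def suspicious(log_text: str, threshold: int = 4) -> list:
    """Names of entries at or above the (assumed) score threshold."""
    return [f.name for f in triage(log_text) if f.score >= threshold]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        flag = "FIX " if f.score >= 4 else "    "
        print(f"{flag}{f.hive}\\..\\{f.key} [{f.name}] -> {f.path}")
        for r in f.reasons:
            print("       -", r)
```

Run against the sample, the three entries flagged are exactly the three the reply tells the user to fix; Google Update scores low because AppData\Local is where Google legitimately installs its updater, which is why location alone is only a weak signal and the name check matters. One caveat that explains the switch to OTL: HijackThis is a 32-bit program, so on x64 it runs under WOW64, where HKLM\Software is redirected to Wow6432Node and System32 to SysWOW64. That is why the posted log reports alg.exe and lsass.exe as "(file missing)" and lists rundll32 from SysWOW64; its HKLM and O23 lines are not trustworthy on this machine. HKCU\..\Run is not redirected, so the three HKCU entries above are still real.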
#3
September 26th, 2011, 07:04 AM
Baysiide
New Member
Join Date: Sep 2011
Posts: 5
First of all, I'd like to thank you for your straightforward and sound advice. I have all the logs and had no trouble finding everything. You're a very good person. Take a look at these and tell me what you think:

aswMBR.exe:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-26 01:19:35
-----------------------------
01:19:35.750 OS Version: Windows x64 6.1.7601 Service Pack 1
01:19:35.750 Number of processors: 8 586 0x1E05
01:19:35.750 ComputerName: LUKE-PC UserName: Luke
01:19:37.107 Initialize success
01:19:46.748 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
01:19:46.748 Disk 0 Vendor: ST950042 D005 Size: 476940MB BusType: 3
01:19:46.763 Disk 0 MBR read successfully
01:19:46.779 Disk 0 MBR scan
01:19:46.779 Disk 0 Windows VISTA default MBR code
01:19:46.779 Service scanning
01:19:47.980 Service Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys **LOCKED** 32
01:19:48.557 Modules scanning
01:19:48.557 Disk 0 trace - called modules:
01:19:48.604 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
01:19:48.604 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007bb7790]
01:19:48.620 3 CLASSPNP.SYS[fffff88001b6b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80079a0050]
01:19:48.620 Scan finished successfully
01:20:10.023 Disk 0 MBR has been saved successfully to "C:\Users\Luke\Desktop\MBR.dat"
01:20:10.054 The log file has been saved successfully to "C:\Users\Luke\Desktop\aswMBR.txt"



OTL.txt:
OTL logfile created on: 9/26/2011 1:21:35 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Luke\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.58 Gb Available Physical Memory | 82.31% Memory free
15.98 Gb Paging File | 14.60 Gb Available in Paging File | 91.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 268.98 Gb Free Space | 59.63% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 7.52 Gb Total Space | 0.95 Gb Free Space | 12.63% Space Free | Partition Type: FAT32

Computer Name: LUKE-PC | User Name: Luke | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/26 01:21:05 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Luke\Downloads\OTL.exe
PRC - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/19 23:07:39 | 000,412,728 | ---- | M] () -- C:\Users\Luke\AppData\Local\Google\Chrome\Application\14.0.835.186\ppgooglenaclpluginchrome.dll
MOD - [2011/09/19 23:07:37 | 003,696,184 | ---- | M] () -- C:\Users\Luke\AppData\Local\Google\Chrome\Application\14.0.835.186\pdf.dll
MOD - [2011/09/19 23:06:11 | 000,142,568 | ---- | M] () -- C:\Users\Luke\AppData\Local\Google\Chrome\Application\14.0.835.186\avutil-51.dll
MOD - [2011/09/19 23:06:10 | 000,253,320 | ---- | M] () -- C:\Users\Luke\AppData\Local\Google\Chrome\Application\14.0.835.186\avformat-53.dll
MOD - [2011/09/19 23:06:09 | 002,403,240 | ---- | M] () -- C:\Users\Luke\AppData\Local\Google\Chrome\Application\14.0.835.186\avcodec-53.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/15 11:26:18 | 000,822,264 | ---- | M] (Check Point Software Technologies) [Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/05/21 11:39:22 | 000,014,648 | ---- | M] (Alienware) [Auto | Stopped] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
SRV:64bit: - [2010/04/04 14:43:38 | 002,409,800 | ---- | M] (Sensible Vision ) [Auto | Stopped] -- C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe -- (FAService)
SRV:64bit: - [2009/09/15 15:49:02 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/08/17 22:09:52 | 000,868,128 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/02 14:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe -- (AESTFilters)
SRV - [2011/09/16 02:54:41 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/09/01 06:16:22 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/19 06:24:14 | 002,399,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/01 08:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2011/01/13 14:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) [Auto | Stopped] -- C:\Program Files (x86)\AlienRespawn\sftservice.EXE -- (SftService)
SRV - [2010/11/25 06:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 06:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/10/26 19:26:58 | 000,236,016 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/01/04 15:10:00 | 000,016,384 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\OSD\OSD_Service.exe -- (HappyOSD)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/07/11 01:13:44 | 000,282,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/07/11 01:13:42 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2011/05/13 15:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/15 11:25:38 | 000,033,528 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2011/01/15 12:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/16 18:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/14 05:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 05:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 05:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 05:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/08/12 11:51:30 | 000,175,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/05/15 16:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2010/04/01 07:29:16 | 000,319,536 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/12/09 21:37:56 | 000,294,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel(R)
DRV:64bit: - [2009/12/02 03:45:32 | 000,025,136 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)
DRV:64bit: - [2009/11/01 20:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/10/14 13:29:54 | 000,034,472 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iqvw64e.sys -- (NAL)
DRV:64bit: - [2009/10/13 01:22:02 | 000,178,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iSSetup.sys -- (iSSetup)
DRV:64bit: - [2009/09/15 15:49:02 | 000,499,712 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/09/15 00:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 15:53:46 | 000,042,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2) Intel(R)
DRV:64bit: - [2009/07/13 15:53:42 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1)
DRV:64bit: - [2009/07/13 15:42:44 | 000,046,792 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ioatdma.sys -- (ioatdma) Intel(R)
DRV:64bit: - [2009/07/01 00:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 00:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 00:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/07 03:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/03/09 04:58:00 | 000,060,416 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2008/10/03 16:39:00 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/09/24 22:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)
DRV:64bit: - [2008/03/03 19:19:04 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/07/27 20:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/04/11 10:30:04 | 000,043,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTVE.sys -- (IAMTVE) Driver for Intel(R)
DRV:64bit: - [2007/04/11 10:29:58 | 000,051,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTXPE.sys -- (IAMTXPE) Driver for Intel(R)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010/05/15 16:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {942cd1d4-9cc1-4d31-876a-ea8f489f7a59} - C:\Program Files (x86)\InnoGames_International\prxtbInno.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1812768752-191054722-3596346725-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.com/
IE - HKU\S-1-5-21-1812768752-191054722-3596346725-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://support.alienware.com [binary data]
IE - HKU\S-1-5-21-1812768752-191054722-3596346725-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSour...ctid=CT2645238
IE - HKU\S-1-5-21-1812768752-191054722-3596346725-1000\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1812768752-191054722-3596346725-1000\..\URLSearchHook: {942cd1d4-9cc1-4d31-876a-ea8f489f7a59} - C:\Program Files (x86)\InnoGames_International\prxtbInno.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1812768752-191054722-3596346725-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Luke\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Luke\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2011/09/25 01:39:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011/09/25 00:54:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2011/09/25 01:19:20 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Luke\AppData\Local\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Chrome NaCl (Enabled) = C:\Users\Luke\AppData\Local\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Luke\AppData\Local\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Luke\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1804_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O2 - BHO: (InnoGames International Toolbar) - {942cd1d4-9cc1-4d31-876a-ea8f489f7a59} - C:\Program Files (x86)\InnoGames_International\prxtbInno.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SSOIEAddonBHO Class) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll (Sensible Vision )
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (InnoGames International Toolbar) - {942cd1d4-9cc1-4d31-876a-ea8f489f7a59} - C:\Program Files (x86)\InnoGames_International\prxtbInno.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1812768752-191054722-3596346725-1000\..\Toolbar\WebBrowser: (InnoGames International Toolbar) - {942CD1D4-9CC1-4D31-876A-EA8F489F7A59} - C:\Program Files (x86)\InnoGames_International\prxtbInno.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Integrated Webcam Live! Central] C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [OSD_LAUNCH] c:\Program Files (x86)\OSD\Launch.exe (HH)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe (Softthinks)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3734F9A9-0908-4DA4-A9AC-DFA4B675B753}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll) - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ba94ffcb-6842-11e0-8e64-842b2b844e3a}\Shell - "" = AutoRun
O33 - MountPoints2\{ba94ffcb-6842-11e0-8e64-842b2b844e3a}\Shell\AutoRun\command - "" = E:\AUTORUN.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/25 13:56:05 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/09/25 01:19:29 | 000,000,000 | ---D | C] -- C:\Users\Luke\Documents\ForceField Shared Files
[2011/09/25 01:19:22 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\CheckPoint
[2011/09/25 01:18:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ConduitEngine
[2011/09/25 01:18:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZoneAlarm_Security
[2011/09/25 01:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2011/09/25 01:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm
[2011/09/25 01:18:16 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsregexp.dll
[2011/09/25 01:17:34 | 000,104,448 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcommdb.dll
[2011/09/25 01:17:34 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcomm.dll
[2011/09/25 01:17:29 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vswmi.dll
[2011/09/25 01:17:26 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zpeng25.dll
[2011/09/25 01:17:26 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsxml.dll
[2011/09/25 01:17:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ZoneLabs
[2011/09/25 01:17:25 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vspubapi.dll
[2011/09/25 01:17:25 | 000,108,032 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsmonapi.dll
[2011/09/25 01:17:24 | 000,458,840 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\drivers\vsdatant.sys
[2011/09/25 01:17:24 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsdata.dll
[2011/09/25 01:17:00 | 000,715,264 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsutil.dll
[2011/09/25 01:17:00 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsinit.dll
[2011/09/25 01:16:09 | 000,000,000 | ---D | C] -- C:\Program Files\MCAFEE
[2011/09/25 01:12:19 | 000,458,840 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysNative\drivers\vsdatant.sys
[2011/09/25 01:05:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zone Labs
[2011/09/25 01:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2011/09/25 01:04:42 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011/09/25 00:54:23 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\AVG2012
[2011/09/25 00:54:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/09/25 00:54:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2011/09/25 00:53:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/09/25 00:53:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2011/09/25 00:52:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/09/25 00:44:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/09/25 00:44:36 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/09/19 19:15:15 | 000,000,000 | ---D | C] -- C:\.codeusa_cache_32
[2011/09/19 17:28:15 | 000,000,000 | ---D | C] -- C:\artegoworld_32
[2011/09/16 17:39:59 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\{0E93212B-F5B9-41BB-B9F7-392267C7F89E}
[2011/09/16 17:39:49 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\{6616FD2F-71FF-4C6D-9699-31EAA33CAC92}
[2011/09/14 00:48:46 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/09/14 00:46:44 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\Google
[2011/09/14 00:38:46 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\{DCFA0ED2-A371-4CFF-AF99-1228D6704E62}
[2011/09/14 00:38:24 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\{55778134-4CF9-49B1-9CE0-1B0A70EA8D65}
[2011/09/14 00:29:23 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/09/14 00:23:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/09/14 00:17:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/09/14 00:17:31 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2011/09/14 00:17:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2011/09/14 00:17:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011/09/14 00:16:47 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/09/14 00:15:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2011/09/14 00:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/09/14 00:13:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/09/14 00:13:07 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\Windows Live
[2011/09/14 00:13:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2011/09/12 22:04:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
[2011/09/12 16:54:19 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2011/09/12 16:54:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASIO4ALL v2
[2011/09/12 16:53:27 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\rewire.dll
[2011/09/12 16:53:26 | 000,000,000 | ---D | C] -- C:\Users\Luke\Documents\Image-Line
[2011/09/12 16:53:17 | 001,294,336 | ---- | C] (HMS http://hp.vector.co.jp/authors/VA012897/) -- C:\Windows\SysWow64\vorbis.acm
[2011/09/12 16:53:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VstPlugins
[2011/09/12 16:53:07 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2011/09/12 16:53:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Outsim
[2011/09/12 16:50:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image-Line
[2011/09/12 16:36:47 | 000,000,000 | ---D | C] -- C:\Users\Luke\Desktop\Fruity Loops
[2011/09/12 01:26:52 | 000,032,072 | ---- | C] (Microsoft Corporation) -- C:\Users\Luke\AppData\Roaming\svchost.exe
[2011/09/12 01:26:52 | 000,032,072 | ---- | C] (Microsoft Corporation) -- C:\Users\Luke\AppData\Roaming\idiitss.exe
[2011/09/09 02:10:34 | 000,032,072 | ---- | C] (Microsoft Corporation) -- C:\Users\Luke\AppData\Roaming\FUD.exe
[2011/09/09 00:28:34 | 000,032,072 | ---- | C] (Microsoft Corporation) -- C:\Users\Luke\AppData\Roaming\WinSec.exe
[2011/09/09 00:28:34 | 000,032,072 | ---- | C] (Microsoft Corporation) -- C:\Users\Luke\AppData\Roaming\D8HQGQWQR3.exe
[2011/09/09 00:28:34 | 000,032,072 | ---- | C] (Microsoft Corporation) -- C:\Users\Luke\AppData\Roaming\Cleints.exe
[2011/09/06 02:04:17 | 000,000,000 | ---D | C] -- C:\Users\Luke\Documents\RSBuddy
[2011/09/06 02:03:30 | 000,000,000 | ---D | C] -- C:\Users\Luke\Desktop\rsbuddy
[2011/09/01 16:05:26 | 000,000,000 | ---D | C] -- C:\Users\Luke\.file_store_32
[2011/08/31 12:01:11 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/08/31 10:57:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Offers from Freeze.com
[2011/08/31 00:04:36 | 000,000,000 | ---D | C] -- C:\.file_store_32
[2011/08/30 02:30:52 | 000,000,000 | ---D | C] -- C:\Users\Luke\.jagex_cache_32
[2011/08/27 18:38:05 | 000,000,000 | ---D | C] -- C:\Windows\.jagex_cache_32
[2011/08/27 18:37:20 | 000,000,000 | ---D | C] -- C:\Users\Luke\Documents\EpicBot
[2011/08/27 18:37:20 | 000,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\EpicBot
[2011/08/27 18:36:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EpicBot
[2011/08/27 18:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EpicBot
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]


(OTL.txt continued on next post)
  #4  
Old September 26th, 2011, 07:05 AM
Baysiide
========== Files - Modified Within 30 Days ==========

[2011/09/26 01:23:10 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/26 01:23:10 | 000,624,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/26 01:23:10 | 000,106,502 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/26 01:20:10 | 000,000,512 | ---- | M] () -- C:\Users\Luke\Desktop\MBR.dat
[2011/09/26 01:18:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/26 01:18:07 | 2138,439,679 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/26 01:05:46 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/26 01:05:46 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/26 00:51:27 | 000,157,295 | ---- | M] () -- C:\Users\Luke\AppData\Roaming\Rs
[2011/09/26 00:51:27 | 000,145,428 | ---- | M] () -- C:\Users\Luke\AppData\Roaming\Hash1
[2011/09/26 00:51:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1812768752-191054722-3596346725-1000UA.job
[2011/09/26 00:51:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1812768752-191054722-3596346725-1000Core.job
[2011/09/25 23:32:04 | 000,000,012 | ---- | M] () -- C:\Users\Luke\AppData\Roaming\RSBuddy Login.ini
[2011/09/25 18:40:46 | 105,088,153 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/09/25 01:19:44 | 000,420,800 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2011/09/25 01:18:20 | 000,001,028 | ---- | M] () -- C:\Users\Luke\Desktop\ZoneAlarm Security.lnk
[2011/09/25 00:59:40 | 000,661,889 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2011/09/25 00:54:04 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/09/25 00:54:03 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/09/25 00:54:03 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2011/09/25 00:54:03 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/09/23 19:11:57 | 642,560,360 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/23 19:04:29 | 000,004,586 | ---- | M] () -- C:\Users\Luke\AppData\Roaming\trs
[2011/09/21 19:33:40 | 000,000,129 | ---- | M] () -- C:\Users\Luke\jagex_runescape_preferences2.dat
[2011/09/21 19:33:40 | 000,000,035 | ---- | M] () -- C:\Users\Luke\jagex_runescape_preferences.dat
[2011/09/20 22:52:57 | 000,002,395 | ---- | M] () -- C:\Users\Luke\Desktop\Google Chrome.lnk
[2011/09/19 19:15:15 | 000,000,000 | ---- | M] () -- C:\Users\Luke\codeusa_codeusa_preferences.dat
[2011/09/18 20:30:18 | 000,312,473 | ---- | M] () -- C:\Users\Luke\Desktop\MTA proof.png
[2011/09/18 02:20:47 | 000,000,597 | ---- | M] () -- C:\Users\Luke\AppData\Roaming\RSBuddy_redlinebmx93.ini
[2011/09/16 17:49:05 | 017,627,479 | ---- | M] () -- C:\Users\Luke\Desktop\FruityLoopsMix.wmv
[2011/09/16 17:45:35 | 000,002,644 | ---- | M] () -- C:\Users\Luke\Documents\FruityLoopsMix.wmv.wlmp
[2011/09/16 17:44:22 | 000,002,646 | ---- | M] () -- C:\Users\Luke\Documents\Fruity Loops Mix.wlmp
[2011/09/16 17:44:06 | 000,002,638 | ---- | M] () -- C:\Users\Luke\Documents\My Movie.wlmp
[2011/09/15 13:08:39 | 003,455,547 | ---- | M] () -- C:\Users\Luke\Desktop\First song.mp3
[2011/09/15 03:01:11 | 000,743,534 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/14 00:40:22 | 006,250,026 | ---- | M] () -- C:\Users\Luke\Desktop\IMG_0381.jpg
[2011/09/12 22:04:27 | 000,001,978 | ---- | M] () -- C:\Users\Luke\Desktop\Collab.lnk
[2011/09/12 21:24:46 | 000,000,008 | ---- | M] () -- C:\Users\Luke\AppData\Roaming\RCFLZN1QCL.exe
[2011/09/12 16:54:19 | 000,001,100 | ---- | M] () -- C:\Users\Luke\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2011/09/12 16:53:26 | 000,001,101 | ---- | M] () -- C:\Users\Luke\Desktop\FL Studio 9.lnk
[2011/09/07 17:53:04 | 000,000,184 | ---- | M] () -- C:\Users\Luke\AppData\Roaming\RSBuddy_luketrager@yahoo.com.ini
[2011/08/31 10:57:50 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\EpicBot.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/26 01:20:10 | 000,000,512 | ---- | C] () -- C:\Users\Luke\Desktop\MBR.dat
[2011/09/25 23:09:01 | 000,000,012 | ---- | C] () -- C:\Users\Luke\AppData\Roaming\RSBuddy Login.ini
[2011/09/25 18:40:46 | 105,088,153 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/09/25 01:18:20 | 000,001,028 | ---- | C] () -- C:\Users\Luke\Desktop\ZoneAlarm Security.lnk
[2011/09/25 01:12:22 | 000,420,800 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2011/09/25 00:59:40 | 000,661,889 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2011/09/25 00:54:04 | 000,000,927 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/09/25 00:54:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/09/25 00:54:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2011/09/25 00:54:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/09/23 19:11:57 | 642,560,360 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/09/23 02:00:03 | 000,004,586 | ---- | C] () -- C:\Users\Luke\AppData\Roaming\trs
[2011/09/19 19:15:15 | 000,000,000 | ---- | C] () -- C:\Users\Luke\codeusa_codeusa_preferences.dat
[2011/09/18 20:30:17 | 000,312,473 | ---- | C] () -- C:\Users\Luke\Desktop\MTA proof.png
[2011/09/16 17:46:06 | 017,627,479 | ---- | C] () -- C:\Users\Luke\Desktop\FruityLoopsMix.wmv
[2011/09/16 17:45:35 | 000,002,644 | ---- | C] () -- C:\Users\Luke\Documents\FruityLoopsMix.wmv.wlmp
[2011/09/16 17:44:21 | 000,002,646 | ---- | C] () -- C:\Users\Luke\Documents\Fruity Loops Mix.wlmp
[2011/09/14 00:48:50 | 000,002,395 | ---- | C] () -- C:\Users\Luke\Desktop\Google Chrome.lnk
[2011/09/14 00:46:45 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1812768752-191054722-3596346725-1000UA.job
[2011/09/14 00:46:45 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1812768752-191054722-3596346725-1000Core.job
[2011/09/14 00:41:07 | 000,002,638 | ---- | C] () -- C:\Users\Luke\Documents\My Movie.wlmp
[2011/09/14 00:40:22 | 006,250,026 | ---- | C] () -- C:\Users\Luke\Desktop\IMG_0381.jpg
[2011/09/14 00:25:16 | 000,001,267 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/09/14 00:24:11 | 000,001,336 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/09/14 00:21:58 | 000,001,420 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/09/14 00:21:23 | 000,002,448 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/09/13 23:40:59 | 003,455,547 | ---- | C] () -- C:\Users\Luke\Desktop\First song.mp3
[2011/09/12 22:04:27 | 000,001,978 | ---- | C] () -- C:\Users\Luke\Desktop\Collab.lnk
[2011/09/12 21:25:16 | 000,145,428 | ---- | C] () -- C:\Users\Luke\AppData\Roaming\Hash1
[2011/09/12 21:24:46 | 000,000,008 | ---- | C] () -- C:\Users\Luke\AppData\Roaming\RCFLZN1QCL.exe
[2011/09/12 16:54:19 | 000,001,100 | ---- | C] () -- C:\Users\Luke\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2011/09/12 16:53:26 | 000,001,101 | ---- | C] () -- C:\Users\Luke\Desktop\FL Studio 9.lnk
[2011/09/09 23:29:45 | 000,157,295 | ---- | C] () -- C:\Users\Luke\AppData\Roaming\Rs
[2011/09/07 17:53:04 | 000,000,184 | ---- | C] () -- C:\Users\Luke\AppData\Roaming\RSBuddy_luketrager@yahoo.com.ini
[2011/09/06 02:07:28 | 000,000,597 | ---- | C] () -- C:\Users\Luke\AppData\Roaming\RSBuddy_redlinebmx93.ini
[2011/08/30 02:30:54 | 000,000,129 | ---- | C] () -- C:\Users\Luke\jagex_runescape_preferences2.dat
[2011/08/30 02:30:48 | 000,000,035 | ---- | C] () -- C:\Users\Luke\jagex_runescape_preferences.dat
[2011/08/27 18:36:59 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\EpicBot.lnk
[2011/08/01 18:22:50 | 000,000,067 | ---- | C] () -- C:\Users\Luke\AppData\Roaming\RSBot_Accounts.ini
[2011/04/19 22:01:06 | 000,000,600 | ---- | C] () -- C:\Users\Luke\AppData\Local\PUTTY.RND
[2011/04/06 18:04:21 | 000,016,384 | ---- | C] () -- C:\Users\Luke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/03 13:44:03 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/30 22:11:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/05/21 15:38:00 | 000,097,584 | ---- | C] () -- C:\Windows\SysWow64\CCBiosSupportAPI.dll
[2010/04/04 14:45:06 | 000,089,416 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
[2010/04/04 14:44:12 | 000,059,208 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
[2010/04/04 14:42:44 | 000,247,624 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >
  #5  
Old September 26th, 2011, 07:27 AM
Mosaic1 Mosaic1 is offline
Malware Removal Team Advisor
 
Join Date: Jun 2001
Posts: 4,783
You're welcome.


Were you able to run the ESET Online scanner? Please do that and post the results.


We left the infected files in place, but removed their startups, at least those we might see. But we need to do a comprehensive scan and removal using ESET to remove the actual files. I see several, but am not 100% sure of a few more. You can't go just by file location.
  #6  
Old September 26th, 2011, 09:02 AM
Baysiide Baysiide is offline
New Member
 
Join Date: Sep 2011
Posts: 5
Yes, I was able to run the scan. It just finished and found quite a few infections!

Results.txt:
C:\Program Files (x86)\AlienRespawn\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Users\Luke\AppData\Roamingcpxs68yqjjNz.exe a variant of MSIL/Injector.KO trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\23N6NDP9\Java Micro Systems[1].exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CKH46U2O\.net[1].exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CKH46U2O\Java[1].exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKCGOT9O\.Net[1].exe a variant of MSIL/Injector.KO trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKCGOT9O\new ****[1].exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\11006.jpg a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\11013.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\11237.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\11801.exe a variant of MSIL/Injector.KO trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\1287.exe a variant of MSIL/Injector.KO trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\15066.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\1566.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\1601.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\16148.exe a variant of MSIL/Injector.KO trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\16414.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\17546.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\19766.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\20045.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\22614.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\22809.exe a variant of MSIL/Injector.KO trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\32003.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\32362.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\32443.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\3321.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\34115.exe a variant of MSIL/Injector.KO trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\34607.exe a variant of MSIL/Injector.KO trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\34756.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\3540.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\35975.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\37282.exe a variant of MSIL/Injector.KO trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\37388.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\37463.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\38072.exe a variant of MSIL/Injector.KO trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\40016.exe a variant of MSIL/Injector.KO trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\41684.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\41868.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\42051.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\44520.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\45906.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\46308.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\47998.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\50678.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\5069.exe a variant of MSIL/Injector.KO trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\50757.exe a variant of MSIL/Injector.KO trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\52541.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\53147.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\54983.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\56302.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\56329.exe a variant of MSIL/Injector.KO trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\60178.exe a variant of MSIL/Injector.KO trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\60757.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\60865.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\61382.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\62307.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\62842.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\63452.exe a variant of MSIL/Injector.KO trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\63649.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\6566.exe a variant of MSIL/Injector.KO trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\65942.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\66790.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\67098.exe a variant of MSIL/Injector.KO trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\68381.exe a variant of MSIL/Injector.KO trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\68750.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\69117.exe a variant of MSIL/Injector.KO trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\70260.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\70691.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\73257.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\75326.exe a variant of MSIL/Injector.KO trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\76530.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\76745.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\77900.exe a variant of MSIL/Injector.KO trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\80351.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\8154.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\82502.exe a variant of MSIL/Injector.KO trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\83087.exe a variant of MSIL/Injector.KO trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\83304.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\841.exe a variant of MSIL/Injector.KO trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\84139.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\85031.exe a variant of MSIL/Injector.KO trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\87048.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\8742.exe a variant of MSIL/Injector.KO trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\89741.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\91393.exe a variant of MSIL/Injector.KO trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\92520.jpg a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\92522.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\93590.exe a variant of MSIL/Injector.KO trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\94410.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\945.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\94641.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\95122.exe a variant of MSIL/Injector.KO trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\9605.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\96153.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\96917.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\96924.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\97283.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\9779.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\FUD.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\NEWWANKER.exe a variant of MSIL/Injector.KX trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\Roamingcpxs68yqjjNz.exe a variant of MSIL/Injector.KO trojan cleaned by deleting - quarantined
C:\Users\Luke\AppData\Local\Temp\OpenCandy\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
  #7  
Old September 27th, 2011, 01:24 AM
Mosaic1 Mosaic1 is offline
Malware Removal Team Advisor
 
Join Date: Jun 2001
Posts: 4,783
The types of infections you have are information stealing trojans. If you do any online banking, credit card purchases etc. or have any sensitive financial information on the system, it may have been stolen. You should alert your bank and change your passwords by phone. Then do not use this system for anything sensitive until it has been cleaned up.

Please read these links:

- Identity theft.
http://www.dslreports.com/faq/10451

http://www.microsoft.com/athome/secu...ingVictim.mspx

-----------------------------

There may be a couple of false positives. But the files I really wanted gone were not touched.
Still in Safe Mode with Networking, let's use Malwarebytes.

Download Malwarebytes' Anti-Malware. (Scroll to the bottom of the page and click on the blue button labeled Download free version.) Here.

Double click mbam-setup.exe (Vista and Windows 7 users, right click on it and then click Run as administrator) to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform full scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.


If it does call for a reboot, you'll have to allow it to boot to regular windows to finish the clean up.
  #8  
Old September 27th, 2011, 05:39 AM
Baysiide Baysiide is offline
New Member
 
Join Date: Sep 2011
Posts: 5
Thank you. I ran the Anti-Malware scan and it found even more files. I can see the hacker has taken some data. I'll be notifying my bank first thing in the morning.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7805

Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.7601.17514

9/27/2011 12:23:41 AM
mbam-log-2011-09-27 (00-23-41).txt

Scan type: Full scan (C:\|)
Objects scanned: 395314
Time elapsed: 34 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Luke\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\NN4MMLYI\svchost[1].exe (Trojan.MSIL.Gen) -> Quarantined and deleted successfully.
c:\Users\Luke\AppData\Local\Temp\60803.exe (Trojan.MSIL.Gen) -> Quarantined and deleted successfully.
c:\Users\Luke\AppData\Roaming\microsoft\System\Services\msconfig.exe (Trojan.MSIL.Gen) -> Quarantined and deleted successfully.
c:\Users\Luke\AppData\Roaming\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Luke\AppData\Local\Temp\pws_cdk.bss (Stolen.Data) -> Quarantined and deleted successfully.
c:\Users\Luke\AppData\Local\Temp\pws_mail.bss (Stolen.Data) -> Quarantined and deleted successfully.
c:\Users\Luke\AppData\Local\Temp\pws_mess.bss (Stolen.Data) -> Quarantined and deleted successfully.
c:\Users\Luke\AppData\Roaming\WinSec.exe (Trojan.Agent) -> Quarantined and deleted successfully.
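A read-only follow-up check for the findings in the Malwarebytes log above, added here as an example; it is not part of the thread and not a Malwarebytes tool. The registry paths and file names are taken from the logs in this thread; it assumes it is run in PowerShell under the same user account (Luke), so $env:APPDATA and $env:LOCALAPPDATA resolve to that user's AppData\Roaming and AppData\Local folders.

```powershell
# Added example (not from the thread): read-only audit of the items the
# Malwarebytes and ESET logs above reported. It changes nothing; it only
# reports whether each item is still present or has come back after a reboot.

# 1. regfile open command. Malwarebytes logged it as Broken.OpenCommand:
#    Bad: ("regedit.exe" "%1")   Good: (regedit.exe "%1")
$openCmdKey = 'Registry::HKEY_CLASSES_ROOT\regfile\shell\open\command'
$expected   = 'regedit.exe "%1"'
$actual     = (Get-ItemProperty -Path $openCmdKey -ErrorAction Stop).'(default)'
if ($actual -ceq $expected) {
    "OK   regfile open command is the stock value: $actual"
} else {
    "BAD  regfile open command is '$actual' (expected '$expected')"
}

# 2. Malware.Trace key that the log removed from HKCU. If it reappears after
#    a reboot, whatever writes it is still running.
$traceKey = 'HKCU:\Software\VB and VBA Program Settings\SrvID'
if (Test-Path -LiteralPath $traceKey) {
    "BAD  $traceKey exists again"
} else {
    "OK   $traceKey is absent"
}

# 3. Files the scans quarantined (paths from the logs). Assumption: run as the
#    same user, so the environment variables point at C:\Users\Luke\AppData.
$files = @(
    (Join-Path $env:APPDATA      'WinSec.exe'),
    (Join-Path $env:APPDATA      'svchost.exe'),
    (Join-Path $env:APPDATA      'microsoft\System\Services\msconfig.exe'),
    (Join-Path $env:LOCALAPPDATA 'Temp\pws_cdk.bss'),
    (Join-Path $env:LOCALAPPDATA 'Temp\pws_mail.bss'),
    (Join-Path $env:LOCALAPPDATA 'Temp\pws_mess.bss')
)
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { "BAD  $f is back" } else { "OK   $f is gone" }
}
```

Any BAD line after a reboot means the cleanup was incomplete and the helper should see it in the next OTL log rather than be fixed by hand.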
  #9  
Old September 27th, 2011, 06:45 PM
Mosaic1 Mosaic1 is offline
Malware Removal Team Advisor
 
Join Date: Jun 2001
Posts: 4,783
Good luck with your bank. Don't forget any passwords belonging to your email programs or games. Anything private should be changed.

OK. Please run otl.exe again. This time there will only be one log. Please post its contents and we'll see if anything new has been created.

Last edited by Mosaic1; September 27th, 2011 at 06:57 PM.