ss.agentcore - ccleaner+hjt logs


HELLO MWB COMMUNITY! I have a virus!

I was wondering if you could help me understand how to remove it?

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 3:09:54 PM, on 2/13/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

Running processes:

C:\Windows\DAODx.exe

C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe

C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe

C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe

C:\Program Files (x86)\ASUS\EPU\EPU.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\G Data\TotalSecurity\AVKTray\AVKTray.exe

C:\Program Files (x86)\G Data\TotalSecurity\Firewall\GDFirewallTray.exe

C:\Program Files\ASUS\Ai Suite\QFan4\FanHelp.exe

C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\TradeStation 9.1\Program\ORPlat.exe

C:\Program Files (x86)\TradeStation 9.1\Program\ordllhst.exe

C:\Program Files (x86)\TradeStation 9.1\Program\TradeStationAgentForms.exe

C:\Program Files (x86)\TradeStation 9.1\Program\whserver.exe

C:\Program Files (x86)\TradeStation 9.1\Program\orcal.exe

C:\Program Files (x86)\TradeStation 9.1\Program\orclprxy.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: G Data BankGuard - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll

O4 - HKLM\..\Run: [TurboV EVO] "C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe" -b

O4 - HKLM\..\Run: [six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b

O4 - HKLM\..\Run: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\TotalSecurity\AVKTray\AVKTray.exe

O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalSecurity\Firewall\GDFirewallTray.exe

O4 - HKLM\..\Run: [QFan Help] "C:\Program Files\ASUS\Ai Suite\QFan4\FanHelp.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM

O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-159105747-3826651790-954724347-1001\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-159105747-3826651790-954724347-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe

O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files (x86)\G Data\TotalSecurity\AVK\AVKService.exe

O23 - Service: G Data file system monitor (AVKWCtl) - G Data Software AG - C:\Program Files (x86)\G Data\TotalSecurity\AVK\AVKWCtlX64.exe

O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe

O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\ASUS.SYS\config\DVMExportService.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: G Data Backup Service (GDBackupSvc) - G Data Software AG - C:\Program Files (x86)\G Data\TotalSecurity\AVKBackup\AVKBackupService.exe

O23 - Service: G Data Personal Firewall (GDFwSvc) - G Data Software AG - C:\Program Files (x86)\G Data\TotalSecurity\Firewall\GDFwSvcx64.exe

O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe

O23 - Service: G Data Tuner Service (GDTunerSvc) - G Data Software AG - C:\Program Files (x86)\G Data\TotalSecurity\AVKTuner\AVKTunerService.exe

O23 - Service: IHA_MessageCenter - Verizon - C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SNMP Trap (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: SupportSoft Sprocket Service (verizondm) (sprtsvc_verizondm) - SupportSoft, Inc. - C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: SupportSoft Repair Service (verizondm) (tgsrvc_verizondm) - SupportSoft, Inc. - C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe

O23 - Service: G Data Filesafe Service (TSNxGService) - G Data Software - C:\Program Files (x86)\G Data\TotalSecurity\TSNxG\TSNxGService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--

End of file - 9509 bytes

Currently I am using G-Data Protection - I signed up for 2 year service :(

But they don't have great support forums like you guys do, so I will be sure to get mwb next time ;D

CLEANING COMPLETE - (14.496 secs)

------------------------------------------------------------------------------------------

1.59 MB removed.

Secure file deletion enabled - Simple Overwrite (1 pass)

------------------------------------------------------------------------------------------

Details of files deleted

------------------------------------------------------------------------------------------

Internet Explorer - Temporary Internet Files 1,393 KB 43 files

Internet Explorer - History 32 KB 1 files

System - Temporary Files 119 KB 4 files

System - Windows Log Files 9 KB 4 files

Firefox/Mozilla - Internet Cache Skipped

Firefox/Mozilla - Download History 64 KB 1 files

Multimedia - Steam 1 KB 3 files

Utilities - Windows Defender 8 KB 1 files

------------------------------------------------------------------------------------------

C:\Users\PuzzleHacker\AppData\Roaming\Mozilla\Firefox\Profiles\qw88ayj6.default\downloads.sqlite 64 KB

Firefox/Mozilla cache cleaning was skipped.

C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{279D6CFF-A0D6-428E-8386-4786F120D841} 8 KB

C:\Program Files (x86)\Steam\steam.log 1 KB

C:\Program Files (x86)\Steam\Logs\connection_log.txt 1 KB

C:\Program Files (x86)\Steam\debug.log 0 KB

C:\Windows\setuperr.log 0 KB

C:\Windows\setupact.log 1 KB

C:\Windows\Logs\CBS\CBS.log 8 KB

C:\Windows\inf\setupapi.app.log 1 KB

C:\Windows\TEMP\HP\AtStatus\spoolsv.log 2 KB

C:\Windows\TEMP\HP\AtStatus\hpinksts5c12lm.log 4 KB

C:\Users\PuzzleHacker\AppData\Local\Temp\~DFC79A8E917B1EA94C.TMP 112 KB

C:\Users\PuzzleHacker\AppData\Local\Temp\AdobeARM.log 2 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013021320130214\index.dat 32 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SMRP21CG\taffy[1] 41 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SMRP21CG\ss.agentcore.utils.ui[1] 31 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SMRP21CG\ss.agentcore.utils.system[1] 31 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SMRP21CG\ss.agentcore.smapi.utils[1] 27 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SMRP21CG\ss.agentcore.network.netcheck[1] 57 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SMRP21CG\ss.agentcore.model.steplist[1] 45 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SMRP21CG\ss.agentcore.events[1] 13 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SMRP21CG\ss.agentcore.dal.file[1] 29 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SMRP21CG\ss.agentcore.dal.config[1] 68 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SMRP21CG\ss.agentcore.app[1] 6 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SMRP21CG\log4js-mod[1] 71 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZGPJ47G\ss.agentcore.utils[1] 49 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZGPJ47G\ss.agentcore.supportaction[1] 8 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZGPJ47G\ss.agentcore.ns[1] 2 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZGPJ47G\ss.agentcore.network.inet[1] 35 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZGPJ47G\ss.agentcore.MVC[1] 90 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZGPJ47G\ss.agentcore.exceptions[1] 5 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZGPJ47G\ss.agentcore.dna.protectrestore[1] 32 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZGPJ47G\ss.agentcore.dal.ini[1] 5 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZGPJ47G\ss.agentcore.dal.history[1] 33 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZGPJ47G\ss.agentcore.constants.smartissue[1] 6 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZGPJ47G\json2[1] 18 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DFINPM7U\ss.agentcore.smapi.methods[1] 86 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DFINPM7U\ss.agentcore.shell[1] 36 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DFINPM7U\ss.agentcore.network.network[1] 56 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DFINPM7U\ss.agentcore.log[1] 8 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DFINPM7U\ss.agentcore.diagnostics.smartissue[1] 19 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DFINPM7U\ss.agentcore.dal.xml[1] 37 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DFINPM7U\ss.agentcore.dal.registry[1] 15 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DFINPM7U\ss.agentcore.dal.databag[1] 12 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DFINPM7U\ss.agentcore.constants[1] 31 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DFINPM7U\jquery.plugins[1] 92 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ACL2LQGR\XMLToJSON[1] 8 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ACL2LQGR\ss.agentcore.utils.string[1] 16 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ACL2LQGR\ss.agentcore.utils.activex[1] 5 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ACL2LQGR\ss.agentcore.reporting[1] 30 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ACL2LQGR\ss.agentcore.MVC.base[1] 40 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ACL2LQGR\ss.agentcore.lockdown[1] 3 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ACL2LQGR\ss.agentcore.devices.usb[1] 12 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ACL2LQGR\ss.agentcore.dal.service[1] 9 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ACL2LQGR\ss.agentcore.dal.http[1] 16 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ACL2LQGR\ss.agentcore.dal.content[1] 44 KB

C:\Users\PuzzleHacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ACL2LQGR\jquery[1] 138 KB

In particular of interest are the ss.agent files on the CCleaner. I use Firefox not IE so it is very weird this pops up - It is definitely a virus.

Can you help me understand what it is or how to remove it?

Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Quit all running programs.

Please download and run RogueKiller to your desktop.

http://tigzy.geeksto...ueKillerX64.exe <---use this one for 64 bit systems

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

<+>
Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>
Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457

Run 1:10:15 on 2013-02-14

Microsoft Windows 7 Professional [GMT -5:00]

.

AV: G Data TotalSecurity 2013 *Enabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}

SP: G Data TotalSecurity 2013 *Enabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: G Data Personal Firewall *Enabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe

C:\Program Files (x86)\G Data\TotalSecurity\AVK\AVKWCtlX64.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe

C:\Windows\DAODx.exe

C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe

C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe

C:\Program Files (x86)\G Data\TotalSecurity\AVK\AVKService.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

C:\ASUS.SYS\config\DVMExportService.exe

C:\Program Files (x86)\G Data\TotalSecurity\AVKBackup\AVKBackupService.exe

C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe

C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe

C:\Program Files (x86)\G Data\TotalSecurity\TSNxG\TSNxGService.exe

C:\Program Files (x86)\G Data\TotalSecurity\Firewall\GDFwSvcx64.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\G Data\AVKProxy\AvkBap64.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe

C:\Program Files (x86)\ASUS\EPU\EPU.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\G Data\TotalSecurity\AVKTray\AVKTray.exe

C:\Program Files (x86)\G Data\TotalSecurity\Firewall\GDFirewallTray.exe

C:\Program Files\ASUS\Ai Suite\QFan4\FanHelp.exe

C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Windows Media Player\wmprph.exe

C:\Windows\System32\vds.exe

C:\Program Files\CCleaner\CCleaner64.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uSearch Bar = Preserve

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: G Data BankGuard: {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G Data\AVKProxy\BanksafeBHO.dll

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

mRun: [TurboV EVO] "C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe" -b

mRun: [six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b

mRun: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\TotalSecurity\AVKTray\AVKTray.exe

mRun: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalSecurity\Firewall\GDFirewallTray.exe

mRun: [QFan Help] "C:\Program Files\ASUS\Ai Suite\QFan4\FanHelp.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{EA9A3111-6749-4740-A762-F418AD0096EE} : DHCPNameServer = 192.168.1.1

SSODL: WebCheck - <orphaned>

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\PuzzleHacker\AppData\Roaming\Mozilla\Firefox\Profiles\qw88ayj6.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll

FF - ExtSQL: 2013-01-17 22:29; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\PuzzleHacker\AppData\Roaming\Mozilla\Firefox\Profiles\qw88ayj6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF - ExtSQL: 2013-02-06 18:37; {906305f7-aafc-45e9-8bbd-941950a84dad}; C:\Program Files (x86)\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}

.

============= SERVICES / DRIVERS ===============

.

R0 dlkmdldr;dlkmdldr;C:\Windows\System32\drivers\dlkmdldr.sys [2013-1-17 15224]

R0 GDBehave;GDBehave;C:\Windows\System32\drivers\GDBehave.sys [2013-1-17 54176]

R0 TS4NT;TS4nt driver;C:\Windows\System32\drivers\TS4nt.sys [2013-1-17 98760]

R1 GDMnIcpt;GDMnIcpt;C:\Windows\System32\drivers\MiniIcpt.sys [2013-1-17 126880]

R1 gdwfpcd;G Data WFP CD;C:\Windows\System32\drivers\gdwfpcd64.sys [2013-1-17 65008]

R1 GRD;G Data Rootkit Detector Driver;C:\Windows\System32\drivers\GRD.sys [2013-2-9 106648]

R1 HookCentre;HookCentre;C:\Windows\System32\drivers\HookCentre.sys [2013-1-17 64416]

R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2013-1-17 96896]

R2 AVKProxy;G Data AntiVirus Proxy;C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2013-2-6 1548312]

R2 AVKService;G Data Scheduler;C:\Program Files (x86)\G Data\TotalSecurity\AVK\AVKService.exe [2013-2-6 469016]

R2 AVKWCtl;G Data file system monitor;C:\Program Files (x86)\G Data\TotalSecurity\AVK\AVKWCtlx64.exe [2013-2-6 2012592]

R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]

R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2012-7-30 8515544]

R2 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2009-10-16 319488]

R2 GDBackupSvc;G Data Backup Service;C:\Program Files (x86)\G Data\TotalSecurity\AVKBackup\AVKBackupService.exe [2013-2-6 1650128]

R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2012-8-3 352248]

R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [2012-12-10 206120]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]

R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [2012-12-10 185640]

R2 TSNxGService;G Data Filesafe Service;C:\Program Files (x86)\G Data\TotalSecurity\TSNxG\TSNxGService.exe [2012-5-24 306216]

R3 DisplayLinkUsbPort;DisplayLink USB Device;C:\Windows\System32\drivers\DisplayLinkUsbPort_6.3.38355.0.sys [2012-5-16 17408]

R3 dlkmd;dlkmd;C:\Windows\System32\drivers\dlkmd.sys [2013-1-17 318840]

R3 dlusbaudio;dlusbaudio;C:\Windows\System32\drivers\dlusbaudio_x64.sys [2012-7-30 192120]

R3 GDFwSvc;G Data Personal Firewall;C:\Program Files (x86)\G Data\TotalSecurity\Firewall\GDFwSvcx64.exe [2013-2-6 2377736]

R3 GDPkIcpt;GDPkIcpt;C:\Windows\System32\drivers\PktIcpt.sys [2013-1-17 62368]

R3 GDScan;G Data Scanner;C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [2012-3-29 470008]

R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-1-22 77824]

R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-1-22 180224]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-1-17 346144]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-1-17 39480]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]

S3 GDTunerSvc;G Data Tuner Service;C:\Program Files (x86)\G Data\TotalSecurity\AVKTuner\AVKTunerService.exe [2012-5-14 1219096]

S3 OXUDIDRV;OXUDIDRV;C:\Windows\System32\drivers\OXUDIDRV_x64.sys [2013-2-5 31280]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

.

=============== Created Last 30 ================

.

2013-02-13 20:07:57 388096 ----a-r- C:\Users\PuzzleHacker\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2013-02-13 20:07:57 -------- d-----w- C:\Program Files (x86)\Trend Micro

2013-02-09 18:15:56 16504 ----a-w- C:\Windows\System32\drivers\GdPhyMem.sys

2013-02-09 18:15:55 106648 ----a-w- C:\Windows\System32\drivers\GRD.sys

2013-02-09 10:07:10 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EDB777F8-9F40-4F74-8F02-3C294F697A6C}\mpengine.dll

2013-02-09 05:41:40 -------- d-----w- C:\Users\PuzzleHacker\AppData\Roaming\The Creative Assembly

2013-02-06 23:37:10 52176 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}\Components\BanksafeXPCOM.dll

2013-02-06 02:07:45 260 ----a-w- C:\Windows\SysWow64\cmdVBS.vbs

2013-02-06 02:07:45 256 ----a-w- C:\Windows\SysWow64\MSIevent.bat

2013-02-06 00:45:46 778088 ------w- C:\Windows\System32\HPDiscoPM5C12.dll

2013-02-06 00:45:02 -------- d-----w- C:\Program Files (x86)\HP

2013-02-06 00:44:17 -------- d-----w- C:\Program Files\HP

2013-02-06 00:43:06 -------- d-----w- C:\Users\PuzzleHacker\AppData\Local\HP

2013-02-05 22:42:07 -------- d-----w- C:\Windows\System32\appmgmt

2013-02-05 20:05:34 -------- d-----w- C:\Users\PuzzleHacker\AppData\Local\PLX_Technology

2013-02-05 20:05:17 31280 ----a-w- C:\Windows\System32\drivers\OXUDIDRV_x64.sys

2013-02-05 20:05:00 -------- d-----w- C:\Program Files\Iomega

2013-02-05 14:32:34 -------- d-----w- C:\Users\PuzzleHacker\AppData\Local\SupportSoft

2013-02-05 14:32:17 -------- d-----w- C:\Program Files (x86)\VERIZONDM

2013-02-05 14:32:12 -------- d-----w- C:\Windows\VDM

2013-02-05 14:32:12 -------- d-----w- C:\Program Files (x86)\Verizon

2013-02-05 14:32:12 -------- d-----w- C:\Program Files (x86)\Common Files\SupportSoft

2013-01-19 20:57:54 -------- d-----w- C:\Users\PuzzleHacker\AppData\Local\Adobe

2013-01-19 19:54:27 -------- d-----w- C:\Program Files\Common Files\EPSON

2013-01-19 18:47:26 -------- d-----w- C:\Program Files (x86)\epson

2013-01-19 18:46:51 -------- d-----w- C:\Program Files (x86)\Common Files\EPSON

2013-01-19 18:46:23 -------- d-----w- C:\Program Files (x86)\EPSON Software

2013-01-19 18:46:05 10752 ----a-w- C:\Windows\System32\E_GCINST.DLL

2013-01-19 18:46:03 83968 ----a-w- C:\Windows\System32\E_YD4BIVE.DLL

2013-01-19 18:46:03 120320 ----a-w- C:\Windows\System32\E_YLMIVE.DLL

2013-01-19 18:45:56 -------- d-----w- C:\ProgramData\EPSON

2013-01-19 00:02:59 508264 ----a-w- C:\Windows\System32\d3dx10_35.dll

2013-01-18 23:12:37 -------- d-----w- C:\Program Files (x86)\Common Files\Steam

2013-01-18 23:12:36 -------- d-----w- C:\Program Files (x86)\Steam

2013-01-18 15:43:03 978711 ----a-w- C:\Windows\SysWow64\sig.bin

2013-01-18 08:27:34 -------- d-----w- C:\Users\PuzzleHacker\AppData\Local\Macromedia

2013-01-18 08:16:34 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2013-01-18 08:16:34 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2013-01-18 08:16:34 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2013-01-18 08:16:34 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

2013-01-18 08:12:55 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-18 08:12:55 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-01-18 08:04:09 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll

2013-01-18 08:04:09 46080 ----a-w- C:\Windows\System32\atmlib.dll

2013-01-18 08:04:09 367616 ----a-w- C:\Windows\System32\atmfd.dll

2013-01-18 08:04:09 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2013-01-18 08:04:09 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2013-01-18 08:04:09 100864 ----a-w- C:\Windows\System32\fontsub.dll

2013-01-18 08:03:35 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

2013-01-18 08:03:35 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

2013-01-18 08:03:35 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

2013-01-18 08:03:35 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

2013-01-18 08:03:34 744448 ----a-w- C:\Windows\System32\WUDFx.dll

2013-01-18 08:03:34 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

2013-01-18 08:03:34 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

2013-01-18 08:02:38 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2013-01-18 08:01:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2013-01-18 08:01:57 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2013-01-18 08:01:57 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2013-01-18 08:01:56 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2013-01-18 08:01:56 5120 ----a-w- C:\Windows\System32\wmi.dll

2013-01-18 07:57:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2013-01-18 07:57:49 2048 ----a-w- C:\Windows\System32\tzres.dll

2013-01-18 07:55:59 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2013-01-18 07:42:45 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-01-18 07:42:45 1464320 ----a-w- C:\Windows\System32\crypt32.dll

2013-01-18 07:42:45 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-01-18 07:42:45 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2013-01-18 07:42:45 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-01-18 07:42:45 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-01-18 07:42:39 77312 ----a-w- C:\Windows\System32\packager.dll

2013-01-18 07:42:39 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2013-01-18 05:52:45 -------- d-----w- C:\Program Files\DisplayLink Graphics

2013-01-18 05:06:30 -------- d-----w- C:\Users\PuzzleHacker\AppData\Local\Audible

2013-01-18 04:50:56 -------- d-----w- C:\Program Files (x86)\Common Files\TradeStation Technologies

2013-01-18 04:50:53 -------- d-----w- C:\Program Files (x86)\TradeStation 9.0

2013-01-18 04:50:05 -------- d-----w- C:\Users\PuzzleHacker\AppData\Roaming\TradeStation Technologies

2013-01-18 04:41:38 -------- d-----w- C:\Users\PuzzleHacker\AppData\Local\Deployment

2013-01-18 04:41:38 -------- d-----w- C:\Users\PuzzleHacker\AppData\Local\Apps

2013-01-18 04:13:49 255352 ----a-w- C:\Windows\SysWow64\awrdscdc.ax

2013-01-18 04:13:45 24576 ------w- C:\Windows\SysWow64\msxml3a.dll

2013-01-18 04:13:40 -------- d-----w- C:\Program Files (x86)\Audible

2013-01-18 03:21:01 -------- d-----w- C:\Users\PuzzleHacker\AppData\Local\Mozilla

2013-01-18 02:34:05 -------- d-----w- C:\Windows\Panther

2013-01-18 01:34:38 -------- d-----w- C:\Program Files\CCleaner

2013-01-18 01:19:07 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2013-01-18 01:12:21 -------- d--h--w- C:\temp

2013-01-18 01:12:21 -------- d--h--w- C:\dvmexp

2013-01-18 01:11:43 -------- d--h--w- C:\ASUS.000

2013-01-18 01:11:07 -------- d--h--w- C:\ASUS.SYS

2013-01-18 00:52:44 -------- d-----w- C:\Windows\SysWow64\BioAPIFFDB

2013-01-18 00:52:41 98760 ----a-w- C:\Windows\System32\drivers\TS4nt.sys

2013-01-18 00:52:36 62368 ----a-w- C:\Windows\System32\drivers\PktIcpt.sys

2013-01-18 00:52:28 64416 ----a-w- C:\Windows\System32\drivers\HookCentre.sys

2013-01-18 00:52:28 126880 ----a-w- C:\Windows\System32\drivers\MiniIcpt.sys

2013-01-18 00:52:27 54176 ----a-w- C:\Windows\System32\drivers\GDBehave.sys

2013-01-18 00:52:25 65008 ----a-w- C:\Windows\System32\drivers\gdwfpcd64.sys

2013-01-18 00:51:58 -------- d-----w- C:\ProgramData\G DATA Software

2013-01-18 00:51:57 -------- d-----w- C:\ProgramData\G DATA

2013-01-18 00:51:57 -------- d-----w- C:\Program Files (x86)\G Data

2013-01-18 00:51:57 -------- d-----w- C:\Program Files (x86)\Common Files\G Data

2013-01-18 00:39:05 318840 ----a-w- C:\Windows\System32\drivers\dlkmd.sys

2013-01-18 00:39:05 15224 ----a-w- C:\Windows\System32\drivers\dlkmdldr.sys

2013-01-18 00:37:51 0 ----a-w- C:\Windows\SysWow64\dlumdfb9.dll

2013-01-18 00:37:51 0 ----a-w- C:\Windows\SysWow64\dlumdfb11.dll

2013-01-18 00:37:51 0 ----a-w- C:\Windows\SysWow64\dlumdfb10.dll

2013-01-18 00:37:51 0 ----a-w- C:\Windows\SysWow64\dlumd9.dll

2013-01-18 00:37:51 0 ----a-w- C:\Windows\SysWow64\dlumd11.dll

2013-01-18 00:37:51 0 ----a-w- C:\Windows\SysWow64\dlumd10.dll

2013-01-18 00:37:51 0 ----a-w- C:\Windows\System32\dlumd9.dll

2013-01-18 00:37:51 0 ----a-w- C:\Windows\System32\dlumd11.dll

2013-01-18 00:37:51 0 ----a-w- C:\Windows\System32\dlumd10.dll

2013-01-18 00:36:53 -------- d-----w- C:\ProgramData\ASUS OC Profiles

2013-01-18 00:33:20 -------- d-----w- C:\Program Files\DisplayLink Core Software

2013-01-18 00:32:16 63336 ----a-w- C:\Windows\System32\nvshext.dll

2013-01-18 00:32:16 3536817 ----a-w- C:\Windows\System32\nvcoproc.bin

2013-01-18 00:31:36 -------- d-----w- C:\ProgramData\NVIDIA Corporation

2013-01-18 00:31:27 -------- d-----w- C:\Program Files\NVIDIA Corporation

2013-01-18 00:31:27 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation

2013-01-18 00:30:18 315904 ----a-w- C:\Windows\SysWow64\Difx39c5.rra

2013-01-18 00:30:18 -------- d-----w- C:\RaidTool

2013-01-18 00:30:10 115824 ----a-w- C:\Windows\System32\drivers\jraid.sys

2013-01-18 00:30:09 -------- d-----w- C:\Windows\RaidTool

2013-01-18 00:30:00 753664 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll

2013-01-18 00:30:00 69714 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll

2013-01-18 00:30:00 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe

2013-01-18 00:30:00 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe

2013-01-18 00:30:00 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll

2013-01-18 00:30:00 184320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll

2013-01-18 00:29:59 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll

2013-01-18 00:29:59 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll

2013-01-18 00:28:58 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2013-01-18 00:28:58 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2013-01-18 00:28:58 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2013-01-18 00:26:54 -------- d-----w- C:\Program Files (x86)\NEC Electronics

2013-01-18 00:26:30 -------- d-----w- C:\Users\PuzzleHacker\AppData\Local\Downloaded Installations

2013-01-18 00:26:06 -------- d--h--w- C:\Program Files (x86)\DeviceVM

2013-01-18 00:24:13 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2013-01-18 00:23:36 99840 ----a-w- C:\Windows\System32\wudriver.dll

2013-01-18 00:23:10 36864 ----a-w- C:\Windows\System32\wuapp.exe

2013-01-18 00:23:10 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2013-01-18 00:22:18 24576 ----a-r- C:\Windows\SysWow64\AsIO.dll

2013-01-18 00:22:18 13440 ----a-r- C:\Windows\SysWow64\drivers\AsIO.sys

2013-01-18 00:22:18 -------- d-----w- C:\Program Files (x86)\ASUS

2013-01-18 00:22:14 11832 ----a-w- C:\Windows\SysWow64\drivers\AsInsHelp64.sys

2013-01-18 00:22:14 10216 ----a-w- C:\Windows\SysWow64\drivers\AsInsHelp32.sys

2013-01-18 00:22:14 -------- d-----w- C:\Program Files\ASUS

2013-01-18 00:22:05 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll

2013-01-18 00:22:05 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll

2013-01-18 00:22:05 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll

2013-01-18 00:22:05 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll

2013-01-18 00:21:33 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll

2013-01-18 00:21:33 346144 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys

2013-01-18 00:21:33 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll

2013-01-18 00:20:17 39480 ----a-w- C:\Windows\System32\drivers\usbfilter.sys

2013-01-18 00:20:16 -------- d-----w- C:\Program Files (x86)\AMD

2013-01-18 00:20:10 16440 ----a-w- C:\Windows\System32\drivers\AtiPcie.sys

2013-01-18 00:20:07 -------- d-----w- C:\Program Files\ATI

2013-01-18 00:19:29 -------- d-sh--w- C:\Windows\Installer

2013-01-18 00:17:06 -------- d-----w- C:\Windows\AsusInstAll

.

==================== Find3M ====================

.

2013-01-17 15:39:18 11240 ----a-w- C:\Windows\SysWow64\GdScrSv.en.dll

2013-01-17 06:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe

2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll

2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll

2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll

2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs

2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs

2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs

2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs

2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs

2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs

2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs

2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs

2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs

2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs

2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs

2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs

2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs

2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs

2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe

2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll

2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll

2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

.

============= FINISH: 1:10:46.31 ===============

I did not download roguekiller b/c I do not trust anything made by avg. Just reading their pp and eula is enough for me.


I did not download roguekiller b/c I do not trust anything made by avg. Just reading their pp and eula is enough for me.

RogueKiller is not made by AVG; it is used thousands of times a day and is safe.

We have to run it along with several other tools; if you don't want to run the tools, then I can't help you.

RogueKiller is zipped up and attached.

I need to see the Attach.txt from DDS also.

MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
