
another privitizeVPN topic


6 replies to this topic

#1 krazyistkarl

krazyistkarl

  • Members
  • 55 posts

Posted 01 May 2013 - 05:21 PM

Hi, new here and not sure of all the forum rules. I saw a bunch of privitizeVPN threads and they are all posting logs. I read a few where Gringo says to run Security Check, AdwCleaner and RogueKiller, and I have included the logs.

 

So I too have accidentally downloaded privitizeVPN; however, Spybot and Avira stopped it and as far as I know it never installed on my machine, but every time I restart it prompts me once again to try to install. I'm also running Windows 8 and am still learning my way around it, having jumped up from XP.

 

I ran the security check and here is the log

 Results of screen317's Security Check version 0.99.63 

   x64 (UAC is enabled) 

 Internet Explorer 9 

``````````````Antivirus/Firewall Check:``````````````

 Windows Firewall Enabled! 

Windows Defender  

Avira Desktop     

 Antivirus up to date!  

`````````Anti-malware/Other Utilities Check:`````````

 Spybot - Search & Destroy

 Java 7 Update 17 

 Java version out of Date!

 Adobe Flash Player        11.6.602.180 

 Adobe Reader 10.1.6 Adobe Reader out of Date! 

 Mozilla Firefox (20.0.1)

 Google Chrome 26.0.1410.43 

 Google Chrome 26.0.1410.64 

````````Process Check: objlist.exe by Laurent```````` 

 Avira Antivir avgnt.exe

 Avira Antivir avguard.exe

 Symantec Norton Online Backup NOBuAgent.exe 

`````````````````System Health check`````````````````

 Total Fragmentation on Drive C:  %

````````````````````End of Log``````````````````````

 

 

 

 

AdwCleaner log

# AdwCleaner v2.300 - Logfile created 05/01/2013 at 15:28:20

# Updated 28/04/2013 by Xplode

# Operating system : Windows 8  (64 bits)

# User : Karl - KARL

# Boot Mode : Normal

# Running from : C:\Users\Karl\Downloads\adwcleaner.exe

# Option [Delete]

 

 

***** [Services] *****

 

 

***** [Files / Folders] *****

 

Deleted on reboot : C:\ProgramData\boost_interprocess

File Deleted : C:\END

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\ProgramData\clsoft ltd

Folder Deleted : C:\ProgramData\InstallMate

Folder Deleted : C:\ProgramData\MagnniPyic

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagnniPyic

Folder Deleted : C:\Users\Karl\AppData\Local\Conduit

Folder Deleted : C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

Folder Deleted : C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Extensions\kahfllagfglabieecplolcgleopojlnk

Folder Deleted : C:\Users\Karl\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\7c4lqwg4.default\CT3220468

Folder Deleted : C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\7c4lqwg4.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}

Folder Deleted : C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\7c4lqwg4.default\extensions\ououuioiio@cvg-o.net

Folder Deleted : C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\7c4lqwg4.default\Smartbar

Folder Deleted : C:\Users\Karl\AppData\Roaming\OpenCandy

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\1ClickDownload

Key Deleted : HKCU\Software\APN PIP

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

Key Deleted : HKCU\Software\PIP

Key Deleted : HKCU\Software\StartSearch

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\Iminent

Key Deleted : HKLM\Software\PIP

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{453B99F8-2A5D-844B-F696-C94BA5F5389F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{453B99F8-2A5D-844B-F696-C94BA5F5389F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EB03EF39-C655-D560-FA95-79182B837D64}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

 

***** [Internet Browsers] *****

 

-\\ Internet Explorer v10.0.9200.16537

 

[OK] Registry is clean.

 

-\\ Mozilla Firefox v20.0.1 (en-US)

 

File : C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\7c4lqwg4.default\prefs.js

 

C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\7c4lqwg4.default\user.js ... Deleted !

 

Deleted : user_pref("CT3220468.129571859753082121.isToggled_item0_12", "true");

Deleted : user_pref("CT3220468.BT_Stats.enc", "eyJsYXN0X2xvZyI6MTM2NTAyNjY4NiwidXVpZCI6NjU5OTIwNTQyMDYyMTQxLCJ[...]

Deleted : user_pref("CT3220468.CBOpenMAMSettings.enc", "MA==");

Deleted : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]

Deleted : user_pref("CT3220468.FirstTime", "true");

Deleted : user_pref("CT3220468.FirstTimeFF3", "true");

Deleted : user_pref("CT3220468.LoginRevertSettingsEnabled", true);

Deleted : user_pref("CT3220468.PG_ENABLE.enc", "dHJ1ZQ==");

Deleted : user_pref("CT3220468.RevertSettingsEnabled", true);

Deleted : user_pref("CT3220468.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT322[...]

Deleted : user_pref("CT3220468.UserID", "UN26627400871916374");

Deleted : user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true");

Deleted : user_pref("CT3220468.autoDisableScopes", -1);

Deleted : user_pref("CT3220468.browser.search.defaultthis.engineName", true);

Deleted : user_pref("CT3220468.cb_user_id_000.enc", "Q0IxNzU2MTQ2MjgyNTVfMTM2NTAyNjU1NjAzOF9GaXJlZm94");

Deleted : user_pref("CT3220468.cbcountry_001.enc", "Q0E=");

Deleted : user_pref("CT3220468.cbfirsttime.enc", "RnJpIERlYyAyMSAyMDEyIDExOjI0OjU1IEdNVC0wNjAwIChDYW5hZGEgQ2Vu[...]

Deleted : user_pref("CT3220468.defaultSearch", "true");

Deleted : user_pref("CT3220468.embeddedsData", "[{\"appId\":\"129813684258939747\",\"apiPermissions\":{\"cross[...]

Deleted : user_pref("CT3220468.enableAlerts", "always");

Deleted : user_pref("CT3220468.enableFix404ByUser", "FALSE");

Deleted : user_pref("CT3220468.enableSearchFromAddressBar", "true");

Deleted : user_pref("CT3220468.firstTimeDialogOpened", "true");

Deleted : user_pref("CT3220468.fixPageNotFoundError", "true");

Deleted : user_pref("CT3220468.fixPageNotFoundErrorByUser", "true");

Deleted : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");

Deleted : user_pref("CT3220468.fixUrls", true);

Deleted : user_pref("CT3220468.installType", "xpe");

Deleted : user_pref("CT3220468.isCheckedStartAsHidden", true);

Deleted : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT3220468.isFirstTimeToolbarLoading", "false");

Deleted : user_pref("CT3220468.isNewTabEnabled", true);

Deleted : user_pref("CT3220468.isPerformedSmartBarTransition", "true");

Deleted : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT3220468.keyword", true);

Deleted : user_pref("CT3220468.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]

Deleted : user_pref("CT3220468.lastVersion", "10.15.0.562");

Deleted : user_pref("CT3220468.mam_gk_appStateReportTime.enc", "MTM2NTAyNjU1Mzc5MQ==");

Deleted : user_pref("CT3220468.mam_gk_appState_CouponBuddy.enc", "b24=");

Deleted : user_pref("CT3220468.mam_gk_appState_PriceGong.enc", "b24=");

Deleted : user_pref("CT3220468.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...]

Deleted : user_pref("CT3220468.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");

Deleted : user_pref("CT3220468.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkNvdXBvbkJ1ZGR5Iiw[...]

Deleted : user_pref("CT3220468.mam_gk_currentVersion.enc", "MS40LjQuNg==");

Deleted : user_pref("CT3220468.mam_gk_first_time.enc", "MQ==");

Deleted : user_pref("CT3220468.mam_gk_lastLoginTime.enc", "MTM2NTAyNjU1MzQwNw==");

Deleted : user_pref("CT3220468.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50[...]

Deleted : user_pref("CT3220468.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");

Deleted : user_pref("CT3220468.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]

Deleted : user_pref("CT3220468.mam_gk_showCloseButton.enc", "dHJ1ZQ==");

Deleted : user_pref("CT3220468.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");

Deleted : user_pref("CT3220468.mam_gk_userId.enc", "NjA4Njg2ZjAtNTQ2Yy00YzU2LThlZjEtODllZmJiOGQ3NTYy");

Deleted : user_pref("CT3220468.migrateAppsAndComponents", true);

Deleted : user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"prince albert\",\"EB_MAIN_FRAME_[...]

Deleted : user_pref("CT3220468.openThankYouPage", "true");

Deleted : user_pref("CT3220468.openUninstallPage", "false");

Deleted : user_pref("CT3220468.revertSettingsEnabled", "false");

Deleted : user_pref("CT3220468.search.searchAppId", "129813684258939747");

Deleted : user_pref("CT3220468.search.searchCount", "1");

Deleted : user_pref("CT3220468.searchInNewTabEnabledByUser", "true");

Deleted : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");

Deleted : user_pref("CT3220468.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]

Deleted : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]

Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]

Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]

Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]

Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]

Deleted : user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1365026652794");

Deleted : user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1365482317863");

Deleted : user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1365026653065");

Deleted : user_pref("CT3220468.serviceLayer_services_location_lastUpdate", "1365477429667");

Deleted : user_pref("CT3220468.serviceLayer_services_login_10.13.40.15_lastUpdate", "1358306680017");

Deleted : user_pref("CT3220468.serviceLayer_services_login_10.14.370.524_lastUpdate", "1363983504644");

Deleted : user_pref("CT3220468.serviceLayer_services_login_10.14.40.128_lastUpdate", "1359767959501");

Deleted : user_pref("CT3220468.serviceLayer_services_login_10.14.42.7_lastUpdate", "1361067796335");

Deleted : user_pref("CT3220468.serviceLayer_services_login_10.14.65.43_lastUpdate", "1362984621015");

Deleted : user_pref("CT3220468.serviceLayer_services_login_10.15.0.562_lastUpdate", "1365477427710");

Deleted : user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1365026653157");

Deleted : user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1365477429673");

Deleted : user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1365477428146");

Deleted : user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1365026652952");

Deleted : user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1365482317733");

Deleted : user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1365477427973");

Deleted : user_pref("CT3220468.settingsINI", true);

Deleted : user_pref("CT3220468.shouldFirstTimeDialog", "false");

Deleted : user_pref("CT3220468.showToolbarPermission", "false");

Deleted : user_pref("CT3220468.smartbar.CTID", "CT3220468");

Deleted : user_pref("CT3220468.smartbar.Uninstall", "0");

Deleted : user_pref("CT3220468.smartbar.homepage", true);

Deleted : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");

Deleted : user_pref("CT3220468.startPage", "userChanged");

Deleted : user_pref("CT3220468.toolbarBornServerTime", "21-12-2012");

Deleted : user_pref("CT3220468.toolbarCurrentServerTime", "9-4-2013");

Deleted : user_pref("CT3220468.toolbarDisabled", "true");

Deleted : user_pref("CT3220468.toolbarLoginClientTime", "Thu Mar 14 2013 10:25:07 GMT-0600 (Canada Central Sta[...]

Deleted : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]

Deleted : user_pref("Smartbar.ConduitHomepagesList", "");

Deleted : user_pref("Smartbar.ConduitSearchEngineList", "uTorrentControl_v2 Customized Web Search");

Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468[...]

Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3220468");

Deleted : user_pref("browser.search.order.1", "Search The Web (privitize)");

Deleted : user_pref("browser.search.selectedEngine", "Search The Web (privitize)");

Deleted : user_pref("extensions.privitize.srchPrvdr", "Search The Web (privitize)");

Deleted : user_pref("smartBar.searchInNewTabOwner", "CT3220468");

Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=13[...]

Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]

Deleted : user_pref("smartbar.machineId", "MUDSGAQTWAJHTN6BHXSM8DBGHMDVF+SKOTKQROACNR1BB23RUFH9TKC+MQT89AJXHXY[...]

Deleted : user_pref("smartbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");

Deleted : user_pref("smartbar.originalSearchAddressUrl", "");

Deleted : user_pref("smartbar.originalSearchEngine", false);

 

-\\ Google Chrome v26.0.1410.64

 

File : C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

[OK] File is clean.

 

*************************

 

AdwCleaner[R1].txt - [14050 octets] - [01/05/2013 00:11:22]

AdwCleaner[S1].txt - [287 octets] - [30/04/2013 23:21:35]

AdwCleaner[S2].txt - [287 octets] - [01/05/2013 00:14:23]

AdwCleaner[S3].txt - [14473 octets] - [01/05/2013 15:28:20]

 

########## EOF - C:\AdwCleaner[S3].txt - [14534 octets] ##########

 

 

 

RogueKiller log

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

 

Operating System : Windows 8 (6.2.9200 ) 64 bits version

Started in : Normal mode

User : Karl [Admin rights]

Mode : DNSFix -- Date : 05/01/2013 16:02:41

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 0 ¤¤¤

 

¤¤¤ Driver : [NOT LOADED] ¤¤¤

 

Finished : << RKreport[4]_DN_05012013_02d1602.txt >>

RKreport[1]_S_05012013_02d1558.txt ; RKreport[2]_D_05012013_02d1600.txt ; RKreport[3]_PR_05012013_02d1602.txt ; RKreport[4]_DN_05012013_02d1602.txt

 

 

 




 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,760 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 01 May 2013 - 09:01 PM

Welcome aboard

 

RogueKiller is not allowed in this forum.

 

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size

Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Download Malwarebytes Anti-Rootkit from HERE to your Desktop.
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt


NOTE. Make sure all logs are pasted, not attached.



 


#3 krazyistkarl

krazyistkarl
  • Topic Starter

  • Members
  • 55 posts

Posted 01 May 2013 - 10:55 PM

I apologize if this isn't the right way to post these logs.

FSS log

Farbar Service Scanner Version: 14-04-2013
Ran by Karl (administrator) on 01-05-2013 at 21:25:14
Running from "C:\Users\Karl\Downloads"
Windows 8 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-04-11 20:30] - [2013-03-02 03:59] - 2231528 ____A (Microsoft Corporation) B6D52E2C38B49A156E58FF5B9C6CA8BE
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2013-04-11 20:30] - [2013-03-01 20:45] - 3240448 ____A (Microsoft Corporation) 79F95469604B77296346DE7DB463EA2A
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll
[2013-03-19 00:28] - [2013-01-28 17:08] - 1555920 ____A (Microsoft Corporation) 905601FFF40D8DA9FA82CBE77D1F5EB1
C:\Program Files\Windows Defender\MsMpEng.exe
[2013-03-19 00:28] - [2013-01-28 19:57] - 0014920 ____A (Microsoft Corporation) 473B9548568BA927ACE0B77EC208A561
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

Mini tool box log

MiniToolBox by Farbar Version:21-04-2013
Ran by Karl (administrator) on 01-05-2013 at 21:27:32
Running from "C:\Users\Karl\Downloads"
Windows 8 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.autoconfig_url", "https://mediahint.com/default.pac"
"network.proxy.backup.ftp", "198.154.114.100"
"network.proxy.backup.ftp_port", 8080
"network.proxy.backup.socks", "198.154.114.100"
"network.proxy.backup.socks_port", 8080
"network.proxy.backup.ssl", "198.154.114.100"
"network.proxy.backup.ssl_port", 8080
"network.proxy.ftp", "198.154.114.100"
"network.proxy.ftp_port", 8080
"network.proxy.http", "198.154.114.100"
"network.proxy.http_port", 8080
"network.proxy.share_proxy_settings", true
"network.proxy.socks", "198.154.114.100"
"network.proxy.socks_port", 8080
"network.proxy.ssl", "198.154.114.100"
"network.proxy.ssl_port", 8080
"network.proxy.type", 2

========================= Hosts content: =================================

========================= IP Configuration: ================================

Qualcomm Atheros AR946x Wireless Network Adapter = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 9" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 12" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 13" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 14" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

popd
# End of IPv4 configuration

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Karl
   Primary Dns Suffix . . . . . . . :
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Local Area Connection* 13:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Microsoft Hosted Network Virtual Adapter
   Physical Address. . . . . . . . . : 52-B7-C3-4E-AA-12
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 50-B7-C3-4E-AA-13
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 12-B7-C3-4E-AA-12
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Qualcomm Atheros AR946x Wireless Network Adapter
   Physical Address. . . . . . . . . : 50-B7-C3-4E-AA-12
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::35a9:cd92:3ecc:5293%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.43.53(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : May 1, 2013 9:22:59 PM
   Lease Expires . . . . . . . . . . : May 1, 2013 10:22:59 PM
   Default Gateway . . . . . . . . . : 192.168.43.1
   DHCP Server . . . . . . . . . . . : 192.168.43.1
   DHCPv6 IAID . . . . . . . . . . . : 367526810
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-75-5D-C7-50-B7-C3-6D-A9-16
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 50-B7-C3-6D-A9-16
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:281b:3bc6:3f57:d4ca(Preferred)
   Link-local IPv6 Address . . . . . : fe80::281b:3bc6:3f57:d4ca%16(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 553648128
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-75-5D-C7-50-B7-C3-6D-A9-16
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{4875BE79-F449-4F9A-9944-12B1554EA772}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

DNS request timed out.
    timeout was 2 seconds.
Server: UnKnown
Address: 8.8.8.8

Name: google.com
Addresses: 2607:f8b0:400a:801::1004
           173.194.33.33
           173.194.33.34
           173.194.33.35
           173.194.33.37
           173.194.33.46
           173.194.33.41
           173.194.33.32
           173.194.33.38
           173.194.33.36
           173.194.33.40
           173.194.33.39

Pinging google.com [173.194.33.33] with 32 bytes of data:
Reply from 173.194.33.33: bytes=32 time=249ms TTL=53
Reply from 173.194.33.33: bytes=32 time=323ms TTL=53

Ping statistics for 173.194.33.33:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 249ms, Maximum = 323ms, Average = 286ms

Server: google-public-dns-a.google.com
Address: 8.8.8.8

Name: yahoo.com
Addresses: 98.138.253.109
           98.139.183.24
           206.190.36.45

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=313ms TTL=48
Reply from 98.138.253.109: bytes=32 time=332ms TTL=48

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 313ms, Maximum = 332ms, Average = 322ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
 19...52 b7 c3 4e aa 12 ......Microsoft Hosted Network Virtual Adapter
 17...50 b7 c3 4e aa 13 ......Bluetooth Device (Personal Area Network)
 14...12 b7 c3 4e aa 12 ......Microsoft Wi-Fi Direct Virtual Adapter
 13...50 b7 c3 4e aa 12 ......Qualcomm Atheros AR946x Wireless Network Adapter
 12...50 b7 c3 6d a9 16 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.43.1    192.168.43.53     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
     192.168.43.0    255.255.255.0         On-link     192.168.43.53    281
    192.168.43.53  255.255.255.255         On-link     192.168.43.53    281
   192.168.43.255  255.255.255.255         On-link     192.168.43.53    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.43.53    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.43.53    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 16    306 ::/0                     On-link
  1    306 ::1/128                  On-link
 16    306 2001::/32                On-link
 16    306 2001:0:5ef5:79fd:281b:3bc6:3f57:d4ca/128
                                    On-link
 13    281 fe80::/64                On-link
 16    306 fe80::/64                On-link
 16    306 fe80::281b:3bc6:3f57:d4ca/128
                                    On-link
 13    281 fe80::35a9:cd92:3ecc:5293/128
                                    On-link
  1    306 ff00::/8                 On-link
 16    306 ff00::/8                 On-link
 13    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Winsock entries =====================================

Catalog5 01 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\NLAapi.dll [55296] (Microsoft Corporation)
Catalog5 05 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog5 06 C:\windows\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\windows\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 02 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 03 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 04 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 05 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 06 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 07 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 08 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 09 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 10 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 11 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [72192] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [53760] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [64000] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/01/2013 02:40:04 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 20.0.1.4847 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: e50
Start Time: 01ce46983a1b2242
Termination Time: 4294967295
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Report Id: 4b9faa96-b29f-11e2-be8d-50b7c34eaa13
Faulting package full name:
Faulting package-relative application ID:

Error: (05/01/2013 00:18:03 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 20.0.1.4847 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 9f0
Start Time: 01ce468e2f6b0f5d
Termination Time: 4294967295
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Report Id: 759a26d4-b28b-11e2-be8d-50b7c34eaa13
Faulting package full name:
Faulting package-relative application ID:

Error: (04/30/2013 11:52:27 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (04/30/2013 08:03:05 PM) (Source: Application Error) (User: )
Description: Faulting application name: EasySettingsCmdServer.exe, version: 0.0.0.0, time stamp: 0x50376629
Faulting module name: EasySettingsBase.dll, version: 0.0.0.0, time stamp: 0x5039da3f
Exception code: 0xc0000005
Fault offset: 0x00001f7b
Faulting process id: 0x914
Faulting application start time: 0xEasySettingsCmdServer.exe0
Faulting application path: EasySettingsCmdServer.exe1
Faulting module path: EasySettingsCmdServer.exe2
Report Id: EasySettingsCmdServer.exe3
Faulting package full name: EasySettingsCmdServer.exe4
Faulting package-relative application ID: EasySettingsCmdServer.exe5

Error: (04/30/2013 02:07:31 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (04/30/2013 01:17:25 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (04/29/2013 10:49:45 PM) (Source: Application Error) (User: )
Description: Faulting application name: x-force_2012_x64.exe, version: 0.0.0.0, time stamp: 0x4d79f1d7
Faulting module name: x-force_2012_x64.exe, version: 0.0.0.0, time stamp: 0x4d79f1d7
Exception code: 0xc0000005
Fault offset: 0x00049e77
Faulting process id: 0x4f0
Faulting application start time: 0xx-force_2012_x64.exe0
Faulting application path: x-force_2012_x64.exe1
Faulting module path: x-force_2012_x64.exe2
Report Id: x-force_2012_x64.exe3
Faulting package full name: x-force_2012_x64.exe4
Faulting package-relative application ID: x-force_2012_x64.exe5

Error: (04/29/2013 10:09:53 PM) (Source: Luc) (User: )
Description: Folder C:\Program Files (x86)\Common Files\Autodesk Shared\Materials\Textures doesn't exist.

Error: (04/29/2013 10:09:34 PM) (Source: MsiInstaller) (User: KARL)
Description: Product: AutoCAD 2012 - English -- Error :: Please install DirectX before installing AutoCAD 2012 - English.

Error: (04/29/2013 08:28:20 PM) (Source: Luc) (User: )
Description: Folder C:\Program Files (x86)\Common Files\Autodesk Shared\Materials\Textures doesn't exist.

System errors:
=============
Error: (04/30/2013 05:32:55 PM) (Source: Service Control Manager) (User: )
Description: The SBSD Security Center Service service failed to start due to the following error: %%1053

Error: (04/30/2013 05:32:55 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.

Error: (04/30/2013 05:32:16 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 5:20:43 PM on ?4/?30/?2013 was unexpected.

Error: (04/25/2013 00:42:42 PM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (04/25/2013 00:42:42 PM) (Source: BTHUSB) (User: )
Description: The address for the local adapter changed. The driver has unloaded from this device due to this error.

Error: (04/18/2013 08:03:06 PM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (04/18/2013 08:03:06 PM) (Source: BTHUSB) (User: )
Description: The address for the local adapter changed. The driver has unloaded from this device due to this error.

Error: (04/16/2013 09:52:32 PM) (Source: Application Popup) (User: )
Description: dg_ssudbusinvalid character

Error: (04/16/2013 09:52:32 PM) (Source: Application Popup) (User: )
Description: dg_ssudbusinvalid character

Error: (04/16/2013 09:45:27 PM) (Source: Application Popup) (User: )
Description: dg_ssudbusinvalid character

Microsoft Office Sessions:
=========================
Error: (05/01/2013 02:40:04 PM) (Source: Application Hang)(User: )
Description: firefox.exe20.0.1.4847e5001ce46983a1b22424294967295C:\Program Files (x86)\Mozilla Firefox\firefox.exe4b9faa96-b29f-11e2-be8d-50b7c34eaa13

Error: (05/01/2013 00:18:03 PM) (Source: Application Hang)(User: )
Description: firefox.exe20.0.1.48479f001ce468e2f6b0f5d4294967295C:\Program Files (x86)\Mozilla Firefox\firefox.exe759a26d4-b28b-11e2-be8d-50b7c34eaa13

Error: (04/30/2013 11:52:27 PM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*C:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dllC:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dll8

Error: (04/30/2013 08:03:05 PM) (Source: Application Error)(User: )
Description: EasySettingsCmdServer.exe0.0.0.050376629EasySettingsBase.dll0.0.0.05039da3fc000000500001f7b91401ce45fc67903ff6C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exeC:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll4266d85f-b203-11e2-be8d-50b7c34eaa13

Error: (04/30/2013 02:07:31 PM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*C:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dllC:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dll8

Error: (04/30/2013 01:17:25 PM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*C:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dllC:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dll8

Error: (04/29/2013 10:49:45 PM) (Source: Application Error)(User: )
Description: x-force_2012_x64.exe0.0.0.04d79f1d7x-force_2012_x64.exe0.0.0.04d79f1d7c000000500049e774f001ce455e15ac5c80C:\Users\Karl\Downloads\autocad2012 x64\x-force_2012_x64.exeC:\Users\Karl\Downloads\autocad2012 x64\x-force_2012_x64.exe60badd3f-b151-11e2-be8a-50b7c34eaa13

Error: (04/29/2013 10:09:53 PM) (Source: Luc)(User: )
Description: C:\Program Files (x86)\Common Files\Autodesk Shared\Materials\Textures

Error: (04/29/2013 10:09:34 PM) (Source: MsiInstaller)(User: KARL)
Description: Product: AutoCAD 2012 - English -- Error :: Please install DirectX before installing AutoCAD 2012 - English.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/29/2013 08:28:20 PM) (Source: Luc)(User: )
Description: C:\Program Files (x86)\Common Files\Autodesk Shared\Materials\Textures

=========================== Installed Programs ============================

µTorrent (Version: 3.2.3.28705)
Adobe Flash Player 11 Plugin (Version: 11.6.602.180)
Adobe Reader X (10.1.6) MUI (Version: 10.1.6)
AMD Catalyst Install Manager (Version: 8.0.881.0)
AutoCAD 2012 - English (Version: 18.2.51.0)
AutoCAD 2012 Language Pack - English (Version: 18.2.51.0)
Autodesk Content Service (Version: 2.0.90)
Autodesk Inventor Fusion 2012 (Version: 1.0.0.79)
Autodesk Inventor Fusion 2012 Language Pack (Version: 1.0.0.79)
Autodesk Inventor Fusion plug-in for AutoCAD 2012 (Version: 0.0.1.138)
Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012 (Version: 0.0.1.138)
Autodesk Material Library 2012 (Version: 2.5.0.8)
Autodesk Material Library Base Resolution Image Library 2012 (Version: 2.5.0.8)
Avira Free Antivirus (Version: 13.0.0.3499)
Bonjour (Version: 2.0.2.0)
CardRecovery 6.10
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center InstallProxy (Version: 2012.0808.1024.16666)
CyberLink Power2Go 8 (Version: 8.0.0.1912)
CyberLink PowerDVD 10 (Version: 10.0.4421.02)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
doubleTwist (Version: 3.2.2.17028)
Easy File Share (Version: 1.3.4)
eSupport UndeletePlus 3.0.3.1206
ETDWare PS/2-X64 11.7.2.1_WHQL (Version: 11.7.2.1)
FARO LS 1.1.406.58 (Version: 4.6.58.2)
ffdshow [rev 2527] [2008-12-19] (Version: 1.0)
Garmin BaseCamp (Version: 4.0.5)
Garmin USB Drivers (Version: 2.3.1.0)
Google Chrome (Version: 26.0.1410.64)
Google Update Helper (Version: 1.3.21.135)
Help Desk (Version: 1.0.4)
Java 7 Update 17 (Version: 7.0.170)
Java Auto Updater (Version: 2.1.9.0)
MagniPic (Version: 1.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 20.0.1 (x86 en-US) (Version: 20.0.1)
Mozilla Maintenance Service (Version: 20.0.1)
MyFreeCodec
Norton Online Backup (Version: 2.2.3.45)
Norton Online Backup ARA (Version: 4.1.0.11)
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.206)
Qualcomm Atheros Client Installation Program (Version: 10.0)
Quick Starter (Version: 1.0.0)
Realtek Ethernet Controller Driver (Version: 8.2.612.2012)
Realtek High Definition Audio Driver (Version: 6.0.1.6699)
Recovery (Version: 6.0.5.0)
S Agent (Version: 1.0.9)
Samsung Kies (Version: 2.5.1.12123_2)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.16.0)
Settings (Version: 2.0.0)
Spybot - Search & Destroy (Version: 1.6.2)
Support Center (Version: 2.0.8)
Support Center FAQ (Version: 1.0.0)
SW Update (Version: 2.1.6)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
User Guide (Version: 1.1.00)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) (Version: 07/27/2012 20.57.1.735)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 24%
Total physical RAM: 7639.07 MB
Available physical RAM: 5794.93 MB
Total Pagefile: 15319.07 MB
Available Pagefile: 12814.27 MB
Total Virtual: 4095.88 MB
Available Virtual: 3967.59 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:908.25 GB) (Free:301.72 GB) NTFS

========================= Users: ========================================

User accounts for \\KARL

Administrator Guest Karl

**** End of log ****

Anti-Malware log

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.01.08

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16540
Karl :: KARL [limited]

2013-05-01 7:38:00 PM
mbam-log-2013-05-01 (19-38-00).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 524815
Time elapsed: 2 hour(s), 11 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Karl\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q4FZSM43\517f0a642fe21[1].exe (PUP.Adware.MultiPlug) -> Quarantined and deleted successfully.
C:\Users\Karl\Downloads\Garmin_Canada_Topo_Saskatchewan.exe (PUP.Adware.Agent) -> Quarantined and deleted successfully.
(end)

Anti-rootkit log

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Non-administrative

Internet Explorer version: 10.0.9200.16540

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.996000 GHz
Memory total: 8010141696, free: 6615781376

Performing system, memory and registry scan...
Infected: c:\Users\Karl\downloads\garmin_canada_topo_saskatchewan.exe --> [PUP.Adware.Agent]
Infected: c:\Users\Karl\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\Q4FZSM43\517f0a642fe21[1].exe --> [Adware.MultiPlug]
Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\boot.img --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\CERT.RSA --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\CERT.SF --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\MANIFEST.MF --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\com --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\com\android --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\com\android\metadata --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\com\android\otacert --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\com\google --> [Trojan.Siredef.C]
Infected:
c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\com\google\android --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\com\google\android\update-binary --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\com\google\android\updater-script --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\build.prop --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\addon.d --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\addon.d\50-cm.sh --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\addon.d\blacklist --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\defaultcontainerservice.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\livewallpapers.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\Apollo.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\applicationsprovider.apk 
--> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\backuprestoreconfirmation.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\basicdreams.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\bluetooth.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\Browser.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\calculator.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\Calendar.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\calendarprovider.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\cellbroadcastreceiver.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\certinstaller.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\cmfilemanager.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\cmupdater.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\cmwallpapers.apk --> [Trojan.Siredef.C] Infected: 
c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\Contacts.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\contactsprovider.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\deskclock.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\development.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\downloadprovider.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\downloadproviderui.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\drmprovider.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\dspmanager.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\Email2.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\exchange2.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\fusedlocation.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\Galaxy4.apk --> [Trojan.Siredef.C] Infected: 
c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\galaxys3settings.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\Gallery2.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\holospiralwallpaper.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\htmlviewer.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\inputdevices.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\KeyChain.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\LatinIME.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\livewallpaperspicker.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\lockclock.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\magicsmokewallpapers.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\mediaprovider.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\Mms.apk --> [Trojan.Siredef.C] Infected: 
c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\Nfc.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\noisefield.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\packageinstaller.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\phasebeam.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\Phone.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\phototable.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\PicoTts.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\provision.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\quicksearchbox.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\Settings.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\settingsprovider.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\sharedstoragebackup.apk --> [Trojan.Siredef.C] Infected: 
c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\soundrecorder.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\Stk.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\SystemUI.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\Tag.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\telephonyprovider.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\Term.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\themechooser.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\thememanager.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\Torch.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\trebuchet.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\userdictionaryprovider.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\videoeditor.apk --> [Trojan.Siredef.C] Infected: 
c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\visualizationwallpapers.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\voicedialer.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\vpndialogs.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\wappushmanager.apk --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\bugmailer.sh --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\fsck_msdos --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\abcc --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\adb --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\alsaucm_test --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\am --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\amix --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\aplay --> [Trojan.Siredef.C] Infected: 
c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\applypatch --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\app_process --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\arec --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\atrace --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\audioloop --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\backuptool.functions --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\backuptool.sh --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\bcm4334.hcd --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\bcm4334_murata.hcd --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\bcm4334_semco.hcd --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\bmgr --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\bootanimation --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\bu --> [Trojan.Siredef.C] Infected: 
c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\bugreport --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\codec --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\compcache --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\content --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\corrupt_gdt_free_blocks --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\dalvikvm --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\dbus-daemon --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\debuggerd --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\decoder --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\dexopt --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\dhcpcd --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\dnsmasq --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\drmserver --> [Trojan.Siredef.C] Infected: 
c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\dumpstate --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\dumpsys --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\dump_image --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\e2fsck --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\erase_image --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\flash_image --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\gdbserver --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\gzip --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\handle_compcache --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\hostapd --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\hostapd_cli --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\ime --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\input --> [Trojan.Siredef.C] Infected: 
c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\installd --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\ip --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\ip6tables --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\iptables --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\keystore --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\keystore_cli --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\linker --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\logcat --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\logwrapper --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\macloader --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\make_ext4fs --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\mdnsd --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\mediaserver --> [Trojan.Siredef.C] Infected: 
c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\mke2fs --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\mksh --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\mm-qcamera-daemon --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\mm-vdec-omx-test --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\mm-venc-omx-test720p --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\mm-video-driver-test --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\mm-video-encdrv-test --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\monkey --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\mpdecision --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\mtpd --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\ndc --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\netcfg --> [Trojan.Siredef.C] Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\netd --> [Trojan.Siredef.C] Done! 
Scan finished

Mbar log

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.03.22.01

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16540
Karl :: KARL [limited]

2013-05-01 7:46:08 PM
mbar-log-2013-05-01 (19-46-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 10202
Time elapsed: 25 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 10
c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\com (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\com\android (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\com\google (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\com\google\android (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\addon.d (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin (Trojan.Siredef.C) -> Delete on reboot.

Files Detected: 154
c:\Users\Karl\downloads\garmin_canada_topo_saskatchewan.exe (PUP.Adware.Agent) -> Delete on reboot.
c:\Users\Karl\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\Q4FZSM43\517f0a642fe21[1].exe (Adware.MultiPlug) -> Delete on reboot.
c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\boot.img (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\CERT.RSA (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\CERT.SF (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\MANIFEST.MF (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\com\android\metadata (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\com\android\otacert (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\com\google\android\update-binary (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\telephonyprovider.apk (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\Term.apk (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\themechooser.apk (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\thememanager.apk (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\Torch.apk (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\trebuchet.apk (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\userdictionaryprovider.apk (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\videoeditor.apk (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\visualizationwallpapers.apk (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\voicedialer.apk (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\vpndialogs.apk (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\wappushmanager.apk (Trojan.Siredef.C) -> Delete on reboot. 
c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\bugmailer.sh (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\fsck_msdos (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\abcc (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\adb (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\alsaucm_test (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\am (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\amix (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\aplay (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\applypatch (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\app_process (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\arec (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\atrace (Trojan.Siredef.C) -> Delete on reboot. 
c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\audioloop (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\backuptool.functions (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\backuptool.sh (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\bcm4334.hcd (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\bcm4334_murata.hcd (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\bcm4334_semco.hcd (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\bmgr (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\bootanimation (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\bu (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\bugreport (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\codec (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\compcache (Trojan.Siredef.C) -> Delete on reboot. 
c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\content (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\corrupt_gdt_free_blocks (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\dalvikvm (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\dbus-daemon (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\debuggerd (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\decoder (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\dexopt (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\dhcpcd (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\dnsmasq (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\drmserver (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\dumpstate (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\dumpsys (Trojan.Siredef.C) -> Delete on reboot. 
c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\dump_image (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\e2fsck (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\erase_image (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\flash_image (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\gdbserver (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\gzip (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\handle_compcache (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\hostapd (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\hostapd_cli (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\ime (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\input (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\installd (Trojan.Siredef.C) -> Delete on reboot. 
c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\ip (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\ip6tables (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\iptables (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\keystore (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\keystore_cli (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\linker (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\logcat (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\logwrapper (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\macloader (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\make_ext4fs (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\mdnsd (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\mediaserver (Trojan.Siredef.C) -> Delete on reboot. 
c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\mke2fs (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\mksh (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\mm-qcamera-daemon (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\mm-vdec-omx-test (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\mm-venc-omx-test720p (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\mm-video-driver-test (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\mm-video-encdrv-test (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\monkey (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\mpdecision (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\mtpd (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\ndc (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\netcfg (Trojan.Siredef.C) -> Delete on reboot. 
c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\netd (Trojan.Siredef.C) -> Delete on reboot. (end)

#4 krazyistkarl

Posted 01 May 2013 - 10:58 PM

Oh wow, sorry about that. I'll try again.

 

FSS log

Farbar Service Scanner Version: 14-04-2013

Ran by Karl (administrator) on 01-05-2013 at 21:25:14

Running from "C:\Users\Karl\Downloads"

Windows 8  (X64)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Attempt to access Yahoo IP returned error. Yahoo IP is offline

Yahoo.com is accessible.

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy:

==================

 

 

System Restore:

============

 

System Restore Disabled Policy:

========================

 

 

Action Center:

============

 

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is set to Demand. The default start type is Auto.

The ImagePath of wuauserv service is OK.

The ServiceDll of wuauserv service is OK.

 

 

Windows Autoupdate Disabled Policy:

============================

 

 

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".

 

 

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

 

 

Other Services:

==============

 

 

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys

[2013-04-11 20:30] - [2013-03-02 03:59] - 2231528 ____A (Microsoft Corporation) B6D52E2C38B49A156E58FF5B9C6CA8BE

 

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll

[2013-04-11 20:30] - [2013-03-01 20:45] - 3240448 ____A (Microsoft Corporation) 79F95469604B77296346DE7DB463EA2A

 

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll

[2013-03-19 00:28] - [2013-01-28 17:08] - 1555920 ____A (Microsoft Corporation) 905601FFF40D8DA9FA82CBE77D1F5EB1

 

C:\Program Files\Windows Defender\MsMpEng.exe

[2013-03-19 00:28] - [2013-01-28 19:57] - 0014920 ____A (Microsoft Corporation) 473B9548568BA927ACE0B77EC208A561

 

C:\Windows\System32\ipnathlp.dll => MD5 is legit

C:\Windows\System32\iphlpsvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

 

 

**** End of log ****

 

 

 

 

 

Mini tool box log

MiniToolBox by Farbar  Version:21-04-2013

Ran by Karl (administrator) on 01-05-2013 at 21:27:32

Running from "C:\Users\Karl\Downloads"

Windows 8  (X64)

Boot Mode: Normal

***************************************************************************

 

========================= IE Proxy Settings: ==============================

 

Proxy is not enabled.

No Proxy Server is set.

 

========================= FF Proxy Settings: ==============================

 

"network.proxy.autoconfig_url", "https://mediahint.com/default.pac"

"network.proxy.backup.ftp", "198.154.114.100"

"network.proxy.backup.ftp_port", 8080

"network.proxy.backup.socks", "198.154.114.100"

"network.proxy.backup.socks_port", 8080

"network.proxy.backup.ssl", "198.154.114.100"

"network.proxy.backup.ssl_port", 8080

"network.proxy.ftp", "198.154.114.100"

"network.proxy.ftp_port", 8080

"network.proxy.http", "198.154.114.100"

"network.proxy.http_port", 8080

"network.proxy.share_proxy_settings", true

"network.proxy.socks", "198.154.114.100"

"network.proxy.socks_port", 8080

"network.proxy.ssl", "198.154.114.100"

"network.proxy.ssl_port", 8080

"network.proxy.type", 2

========================= Hosts content: =================================

 

 

 

========================= IP Configuration: ================================

 

Qualcomm Atheros AR946x Wireless Network Adapter = Wi-Fi (Connected)

Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)

Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)

 

 

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

 

reset

set global icmpredirects=enabled

set interface interface="Local Area Connection* 9" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Local Area Connection* 12" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Local Area Connection* 13" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Local Area Connection* 14" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

 

 

popd

# End of IPv4 configuration

 

 

 

Windows IP Configuration

 

   Host Name . . . . . . . . . . . . : Karl

   Primary Dns Suffix  . . . . . . . :

   Node Type . . . . . . . . . . . . : Broadcast

   IP Routing Enabled. . . . . . . . : No

   WINS Proxy Enabled. . . . . . . . : No

 

Wireless LAN adapter Local Area Connection* 13:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Microsoft Hosted Network Virtual Adapter

   Physical Address. . . . . . . . . : 52-B7-C3-4E-AA-12

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

 

Ethernet adapter Bluetooth Network Connection:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)

   Physical Address. . . . . . . . . : 50-B7-C3-4E-AA-13

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

 

Wireless LAN adapter Local Area Connection* 12:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter

   Physical Address. . . . . . . . . : 12-B7-C3-4E-AA-12

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

 

Wireless LAN adapter Wi-Fi:

 

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Qualcomm Atheros AR946x Wireless Network Adapter

   Physical Address. . . . . . . . . : 50-B7-C3-4E-AA-12

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

   Link-local IPv6 Address . . . . . : fe80::35a9:cd92:3ecc:5293%13(Preferred)

   IPv4 Address. . . . . . . . . . . : 192.168.43.53(Preferred)

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Lease Obtained. . . . . . . . . . : May 1, 2013 9:22:59 PM

   Lease Expires . . . . . . . . . . : May 1, 2013 10:22:59 PM

   Default Gateway . . . . . . . . . : 192.168.43.1

   DHCP Server . . . . . . . . . . . : 192.168.43.1

   DHCPv6 IAID . . . . . . . . . . . : 367526810

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-75-5D-C7-50-B7-C3-6D-A9-16

   DNS Servers . . . . . . . . . . . : 8.8.8.8

                                       8.8.4.4

   NetBIOS over Tcpip. . . . . . . . : Enabled

 

Ethernet adapter Ethernet:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller

   Physical Address. . . . . . . . . : 50-B7-C3-6D-A9-16

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter Teredo Tunneling Pseudo-Interface:

 

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:281b:3bc6:3f57:d4ca(Preferred)

   Link-local IPv6 Address . . . . . : fe80::281b:3bc6:3f57:d4ca%16(Preferred)

   Default Gateway . . . . . . . . . : ::

   DHCPv6 IAID . . . . . . . . . . . : 553648128

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-75-5D-C7-50-B7-C3-6D-A9-16

   NetBIOS over Tcpip. . . . . . . . : Disabled

 

Tunnel adapter isatap.{4875BE79-F449-4F9A-9944-12B1554EA772}:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

DNS request timed out.

    timeout was 2 seconds.

Server:  UnKnown

Address:  8.8.8.8

 

Name:    google.com

Addresses:  2607:f8b0:400a:801::1004

                  173.194.33.33

                  173.194.33.34

                  173.194.33.35

                  173.194.33.37

                  173.194.33.46

                  173.194.33.41

                  173.194.33.32

                  173.194.33.38

                  173.194.33.36

                  173.194.33.40

                  173.194.33.39

 

 

Pinging google.com [173.194.33.33] with 32 bytes of data:

Reply from 173.194.33.33: bytes=32 time=249ms TTL=53

Reply from 173.194.33.33: bytes=32 time=323ms TTL=53

 

Ping statistics for 173.194.33.33:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 249ms, Maximum = 323ms, Average = 286ms

Server:  google-public-dns-a.google.com

Address:  8.8.8.8

 

Name:    yahoo.com

Addresses:  98.138.253.109

                  98.139.183.24

                  206.190.36.45

 

 

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=313ms TTL=48

Reply from 98.138.253.109: bytes=32 time=332ms TTL=48

 

Ping statistics for 98.138.253.109:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 313ms, Maximum = 332ms, Average = 322ms

 

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================

Interface List

 19...52 b7 c3 4e aa 12 ......Microsoft Hosted Network Virtual Adapter

 17...50 b7 c3 4e aa 13 ......Bluetooth Device (Personal Area Network)

 14...12 b7 c3 4e aa 12 ......Microsoft Wi-Fi Direct Virtual Adapter

 13...50 b7 c3 4e aa 12 ......Qualcomm Atheros AR946x Wireless Network Adapter

 12...50 b7 c3 6d a9 16 ......Realtek PCIe GBE Family Controller

  1...........................Software Loopback Interface 1

 16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface

 25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6

===========================================================================

 

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination        Netmask          Gateway       Interface  Metric

          0.0.0.0          0.0.0.0     192.168.43.1    192.168.43.53     25

        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306

        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306

  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306

     192.168.43.0    255.255.255.0         On-link     192.168.43.53    281

    192.168.43.53  255.255.255.255         On-link     192.168.43.53    281

   192.168.43.255  255.255.255.255         On-link     192.168.43.53    281

        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306

        224.0.0.0        240.0.0.0         On-link     192.168.43.53    281

  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306

  255.255.255.255  255.255.255.255         On-link     192.168.43.53    281

===========================================================================

Persistent Routes:

  None

 

IPv6 Route Table

===========================================================================

Active Routes:

 If Metric Network Destination      Gateway

 16    306 ::/0                     On-link

  1    306 ::1/128                  On-link

 16    306 2001::/32                On-link

 16    306 2001:0:5ef5:79fd:281b:3bc6:3f57:d4ca/128

                                    On-link

 13    281 fe80::/64                On-link

 16    306 fe80::/64                On-link

 16    306 fe80::281b:3bc6:3f57:d4ca/128

                                    On-link

 13    281 fe80::35a9:cd92:3ecc:5293/128

                                    On-link

  1    306 ff00::/8                 On-link

 16    306 ff00::/8                 On-link

 13    281 ff00::/8                 On-link

===========================================================================

Persistent Routes:

  None

========================= Winsock entries =====================================

 

Catalog5 01 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)

Catalog5 02 C:\windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)

Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)

Catalog5 04 C:\windows\SysWOW64\NLAapi.dll [55296] (Microsoft Corporation)

Catalog5 05 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)

Catalog5 06 C:\windows\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)

Catalog5 07 C:\windows\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)

Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)

Catalog9 01 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)

Catalog9 02 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)

Catalog9 03 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)

Catalog9 04 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)

Catalog9 05 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)

Catalog9 06 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)

Catalog9 07 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)

Catalog9 08 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)

Catalog9 09 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)

Catalog9 10 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)

Catalog9 11 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)

x64-Catalog5 01 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)

x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)

x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)

x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [72192] (Microsoft Corporation)

x64-Catalog5 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [53760] (Microsoft Corporation)

x64-Catalog5 07 C:\Windows\System32\wshbth.dll [64000] (Microsoft Corporation)

x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)

x64-Catalog9 01 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)

x64-Catalog9 02 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)

x64-Catalog9 03 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)

x64-Catalog9 04 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)

x64-Catalog9 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)

x64-Catalog9 06 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)

x64-Catalog9 07 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)

x64-Catalog9 08 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)

x64-Catalog9 09 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)

x64-Catalog9 10 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)

x64-Catalog9 11 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)

 

========================= Event log errors: ===============================

 

Application errors:

==================

Error: (05/01/2013 02:40:04 PM) (Source: Application Hang) (User: )

Description: The program firefox.exe version 20.0.1.4847 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: e50

 

Start Time: 01ce46983a1b2242

 

Termination Time: 4294967295

 

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

 

Report Id: 4b9faa96-b29f-11e2-be8d-50b7c34eaa13

 

Faulting package full name:

 

Faulting package-relative application ID:

 

Error: (05/01/2013 00:18:03 PM) (Source: Application Hang) (User: )

Description: The program firefox.exe version 20.0.1.4847 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 9f0

 

Start Time: 01ce468e2f6b0f5d

 

Termination Time: 4294967295

 

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

 

Report Id: 759a26d4-b28b-11e2-be8d-50b7c34eaa13

 

Faulting package full name:

 

Faulting package-relative application ID:

 

Error: (04/30/2013 11:52:27 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

 

Error: (04/30/2013 08:03:05 PM) (Source: Application Error) (User: )

Description: Faulting application name: EasySettingsCmdServer.exe, version: 0.0.0.0, time stamp: 0x50376629

Faulting module name: EasySettingsBase.dll, version: 0.0.0.0, time stamp: 0x5039da3f

Exception code: 0xc0000005

Fault offset: 0x00001f7b

Faulting process id: 0x914

Faulting application start time: 0xEasySettingsCmdServer.exe0

Faulting application path: EasySettingsCmdServer.exe1

Faulting module path: EasySettingsCmdServer.exe2

Report Id: EasySettingsCmdServer.exe3

Faulting package full name: EasySettingsCmdServer.exe4

Faulting package-relative application ID: EasySettingsCmdServer.exe5

 

Error: (04/30/2013 02:07:31 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

 

Error: (04/30/2013 01:17:25 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

 

Error: (04/29/2013 10:49:45 PM) (Source: Application Error) (User: )

Description: Faulting application name: x-force_2012_x64.exe, version: 0.0.0.0, time stamp: 0x4d79f1d7

Faulting module name: x-force_2012_x64.exe, version: 0.0.0.0, time stamp: 0x4d79f1d7

Exception code: 0xc0000005

Fault offset: 0x00049e77

Faulting process id: 0x4f0

Faulting application start time: 0xx-force_2012_x64.exe0

Faulting application path: x-force_2012_x64.exe1

Faulting module path: x-force_2012_x64.exe2

Report Id: x-force_2012_x64.exe3

Faulting package full name: x-force_2012_x64.exe4

Faulting package-relative application ID: x-force_2012_x64.exe5

 

Error: (04/29/2013 10:09:53 PM) (Source: Luc) (User: )

Description: Folder C:\Program Files (x86)\Common Files\Autodesk Shared\Materials\Textures doesn't exist.

 

Error: (04/29/2013 10:09:34 PM) (Source: MsiInstaller) (User: KARL)

Description: Product: AutoCAD 2012 - English -- Error :: Please install DirectX before installing AutoCAD 2012 - English.

 

Error: (04/29/2013 08:28:20 PM) (Source: Luc) (User: )

Description: Folder C:\Program Files (x86)\Common Files\Autodesk Shared\Materials\Textures doesn't exist.

 

 

System errors:

=============

Error: (04/30/2013 05:32:55 PM) (Source: Service Control Manager) (User: )

Description: The SBSD Security Center Service service failed to start due to the following error:

%%1053

 

Error: (04/30/2013 05:32:55 PM) (Source: Service Control Manager) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.

 

Error: (04/30/2013 05:32:16 PM) (Source: EventLog) (User: )

Description: The previous system shutdown at 5:20:43 PM on 4/30/2013 was unexpected.

 

Error: (04/25/2013 00:42:42 PM) (Source: BTHUSB) (User: )

Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

 

Error: (04/25/2013 00:42:42 PM) (Source: BTHUSB) (User: )

Description: The address for the local adapter changed. The driver has unloaded from this device due to this error.

 

Error: (04/18/2013 08:03:06 PM) (Source: BTHUSB) (User: )

Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

 

Error: (04/18/2013 08:03:06 PM) (Source: BTHUSB) (User: )

Description: The address for the local adapter changed. The driver has unloaded from this device due to this error.

 

Error: (04/16/2013 09:52:32 PM) (Source: Application Popup) (User: )

Description: dg_ssudbusinvalid character

 

Error: (04/16/2013 09:52:32 PM) (Source: Application Popup) (User: )

Description: dg_ssudbusinvalid character

 

Error: (04/16/2013 09:45:27 PM) (Source: Application Popup) (User: )

Description: dg_ssudbusinvalid character

 

 

Microsoft Office Sessions:

=========================

Error: (05/01/2013 02:40:04 PM) (Source: Application Hang)(User: )

Description: firefox.exe20.0.1.4847e5001ce46983a1b22424294967295C:\Program Files (x86)\Mozilla Firefox\firefox.exe4b9faa96-b29f-11e2-be8d-50b7c34eaa13

 

Error: (05/01/2013 00:18:03 PM) (Source: Application Hang)(User: )

Description: firefox.exe20.0.1.48479f001ce468e2f6b0f5d4294967295C:\Program Files (x86)\Mozilla Firefox\firefox.exe759a26d4-b28b-11e2-be8d-50b7c34eaa13

 

Error: (04/30/2013 11:52:27 PM) (Source: SideBySide)(User: )

Description: assemblyIdentitylanguage*C:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dllC:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dll8

 

Error: (04/30/2013 08:03:05 PM) (Source: Application Error)(User: )

Description: EasySettingsCmdServer.exe0.0.0.050376629EasySettingsBase.dll0.0.0.05039da3fc000000500001f7b91401ce45fc67903ff6C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exeC:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll4266d85f-b203-11e2-be8d-50b7c34eaa13

 

Error: (04/30/2013 02:07:31 PM) (Source: SideBySide)(User: )

Description: assemblyIdentitylanguage*C:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dllC:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dll8

 

Error: (04/30/2013 01:17:25 PM) (Source: SideBySide)(User: )

Description: assemblyIdentitylanguage*C:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dllC:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dll8

 

Error: (04/29/2013 10:49:45 PM) (Source: Application Error)(User: )

Description: x-force_2012_x64.exe0.0.0.04d79f1d7x-force_2012_x64.exe0.0.0.04d79f1d7c000000500049e774f001ce455e15ac5c80C:\Users\Karl\Downloads\autocad2012 x64\x-force_2012_x64.exeC:\Users\Karl\Downloads\autocad2012 x64\x-force_2012_x64.exe60badd3f-b151-11e2-be8a-50b7c34eaa13

 

Error: (04/29/2013 10:09:53 PM) (Source: Luc)(User: )

Description: C:\Program Files (x86)\Common Files\Autodesk Shared\Materials\Textures

 

Error: (04/29/2013 10:09:34 PM) (Source: MsiInstaller)(User: KARL)

Description: Product: AutoCAD 2012 - English -- Error :: Please install DirectX before installing AutoCAD 2012 - English.(NULL)(NULL)(NULL)(NULL)(NULL)

 

Error: (04/29/2013 08:28:20 PM) (Source: Luc)(User: )

Description: C:\Program Files (x86)\Common Files\Autodesk Shared\Materials\Textures

 

 

=========================== Installed Programs ============================

 

µTorrent (Version: 3.2.3.28705)

Adobe Flash Player 11 Plugin (Version: 11.6.602.180)

Adobe Reader X (10.1.6) MUI (Version: 10.1.6)

AMD Catalyst Install Manager (Version: 8.0.881.0)

AutoCAD 2012 - English (Version: 18.2.51.0)

AutoCAD 2012 Language Pack - English (Version: 18.2.51.0)

Autodesk Content Service (Version: 2.0.90)

Autodesk Inventor Fusion 2012 (Version: 1.0.0.79)

Autodesk Inventor Fusion 2012 Language Pack (Version: 1.0.0.79)

Autodesk Inventor Fusion plug-in for AutoCAD 2012 (Version: 0.0.1.138)

Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012 (Version: 0.0.1.138)

Autodesk Material Library 2012 (Version: 2.5.0.8)

Autodesk Material Library Base Resolution Image Library 2012 (Version: 2.5.0.8)

Avira Free Antivirus (Version: 13.0.0.3499)

Bonjour (Version: 2.0.2.0)

CardRecovery 6.10

Catalyst Control Center - Branding (Version: 1.00.0000)

Catalyst Control Center InstallProxy (Version: 2012.0808.1024.16666)

CyberLink Power2Go 8 (Version: 8.0.0.1912)

CyberLink PowerDVD 10 (Version: 10.0.4421.02)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

doubleTwist (Version: 3.2.2.17028)

Easy File Share (Version: 1.3.4)

eSupport UndeletePlus 3.0.3.1206

ETDWare PS/2-X64 11.7.2.1_WHQL (Version: 11.7.2.1)

FARO LS 1.1.406.58 (Version: 4.6.58.2)

ffdshow [rev 2527] [2008-12-19] (Version: 1.0)

Garmin BaseCamp (Version: 4.0.5)

Garmin USB Drivers (Version: 2.3.1.0)

Google Chrome (Version: 26.0.1410.64)

Google Update Helper (Version: 1.3.21.135)

Help Desk (Version: 1.0.4)

Java 7 Update 17 (Version: 7.0.170)

Java Auto Updater (Version: 2.1.9.0)

MagniPic (Version: 1.0)

Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)

Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Professional 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)

Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Silverlight (Version: 5.1.20125.0)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

Mozilla Firefox 20.0.1 (x86 en-US) (Version: 20.0.1)

Mozilla Maintenance Service (Version: 20.0.1)

MyFreeCodec

Norton Online Backup (Version: 2.2.3.45)

Norton Online Backup ARA (Version: 4.1.0.11)

Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.206)

Qualcomm Atheros Client Installation Program (Version: 10.0)

Quick Starter (Version: 1.0.0)

Realtek Ethernet Controller Driver (Version: 8.2.612.2012)

Realtek High Definition Audio Driver (Version: 6.0.1.6699)

Recovery (Version: 6.0.5.0)

S Agent (Version: 1.0.9)

Samsung Kies (Version: 2.5.1.12123_2)

SAMSUNG USB Driver for Mobile Phones (Version: 1.5.16.0)

Settings (Version: 2.0.0)

Spybot - Search & Destroy (Version: 1.6.2)

Support Center (Version: 2.0.8)

Support Center FAQ (Version: 1.0.0)

SW Update (Version: 2.1.6)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

User Guide (Version: 1.1.00)

Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)

Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735) (Version: 07/27/2012 20.57.1.735)

 

========================= Devices: ================================

 

 

========================= Memory info: ===================================

 

Percentage of memory in use: 24%

Total physical RAM: 7639.07 MB

Available physical RAM: 5794.93 MB

Total Pagefile: 15319.07 MB

Available Pagefile: 12814.27 MB

Total Virtual: 4095.88 MB

Available Virtual: 3967.59 MB

 

========================= Partitions: =====================================

 

1 Drive c: () (Fixed) (Total:908.25 GB) (Free:301.72 GB) NTFS

 

========================= Users: ========================================

 

User accounts for \\KARL

 

Administrator            Guest                    Karl                    

 

 

**** End of log ****

 

 

Anti-Malware log

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.05.01.08

 

Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16540

Karl :: KARL [limited]

 

2013-05-01 7:38:00 PM

mbam-log-2013-05-01 (19-38-00).txt

 

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 524815

Time elapsed: 2 hour(s), 11 minute(s), 41 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 2

C:\Users\Karl\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q4FZSM43\517f0a642fe21[1].exe (PUP.Adware.MultiPlug) -> Quarantined and deleted successfully.

C:\Users\Karl\Downloads\Garmin_Canada_Topo_Saskatchewan.exe (PUP.Adware.Agent) -> Quarantined and deleted successfully.

 

(end)

Anti-rootkit log

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.05.0.1001

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.2.9200 Windows 8 x64

 

Account is Non-administrative

 

Internet Explorer version: 10.0.9200.16540

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 1.996000 GHz

Memory total: 8010141696, free: 6615781376

 

------------ Kernel report ------------

     05/01/2013 19:20:14

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kd.dll

\SystemRoot\system32\mcupdate_AuthenticAMD.dll

\SystemRoot\System32\drivers\CLFS.SYS

\SystemRoot\System32\drivers\tm.sys

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\BOOTVID.dll

\SystemRoot\system32\CI.dll

\SystemRoot\System32\drivers\msrpc.sys

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\System32\Drivers\acpiex.sys

\SystemRoot\System32\Drivers\WppRecorder.sys

\SystemRoot\System32\drivers\ACPI.sys

\SystemRoot\System32\drivers\WMILIB.SYS

\SystemRoot\System32\drivers\msisadrv.sys

\SystemRoot\System32\drivers\pci.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\system32\drivers\tpm.sys

\SystemRoot\System32\drivers\vdrvroot.sys

\SystemRoot\system32\drivers\pdc.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\System32\drivers\spaceport.sys

\SystemRoot\System32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\System32\drivers\amd_sata.sys

\SystemRoot\System32\drivers\storport.sys

\SystemRoot\System32\drivers\amd_xata.sys

\SystemRoot\System32\drivers\EhStorClass.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\System32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\DRIVERS\wfplwfs.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\System32\drivers\volsnap.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\disk.sys

\SystemRoot\System32\drivers\CLASSPNP.SYS

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\drivers\cdrom.sys

\SystemRoot\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\BasicRender.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\System32\drivers\BasicDisplay.sys

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\avkmgr.sys

\SystemRoot\system32\DRIVERS\avipbb.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\System32\drivers\npsvctrig.sys

\SystemRoot\System32\drivers\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\CLVirtualDrive.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\System32\drivers\CompositeBus.sys

\SystemRoot\system32\DRIVERS\kdnic.sys

\SystemRoot\System32\drivers\umbus.sys

\SystemRoot\system32\DRIVERS\atikmpag.sys

\SystemRoot\system32\DRIVERS\atikmdag.sys

\SystemRoot\System32\drivers\HDAudBus.sys

\SystemRoot\system32\DRIVERS\Rt630x64.sys

\SystemRoot\System32\drivers\USBXHCI.SYS

\SystemRoot\System32\drivers\ucx01000.sys

\SystemRoot\System32\drivers\usbohci.sys

\SystemRoot\System32\drivers\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbfilter.sys

\SystemRoot\System32\drivers\usbehci.sys

\SystemRoot\System32\drivers\i8042prt.sys

\SystemRoot\system32\DRIVERS\ETD.sys

\SystemRoot\System32\drivers\mouclass.sys

\SystemRoot\System32\drivers\kbdclass.sys

\SystemRoot\system32\DRIVERS\athw8x.sys

\SystemRoot\System32\drivers\vwifibus.sys

\SystemRoot\System32\drivers\wmiacpi.sys

\SystemRoot\System32\drivers\CmBatt.sys

\SystemRoot\System32\drivers\BATTC.SYS

\SystemRoot\System32\drivers\RadioHIDMini.sys

\SystemRoot\System32\drivers\mshidkmdf.sys

\SystemRoot\System32\drivers\HIDCLASS.SYS

\SystemRoot\System32\drivers\HIDPARSE.SYS

\SystemRoot\System32\drivers\amdppm.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\System32\drivers\swenum.sys

\SystemRoot\System32\drivers\ks.sys

\SystemRoot\System32\drivers\btath_bus.sys

\SystemRoot\System32\drivers\rdpbus.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\System32\drivers\usbhub.sys

\SystemRoot\System32\drivers\USBD.SYS

\SystemRoot\System32\drivers\UsbHub3.sys

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\drivers\AtihdW86.sys

\SystemRoot\System32\Drivers\dump_diskdump.sys

\SystemRoot\System32\Drivers\dump_amd_sata.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\system32\DRIVERS\btfilter.sys

\SystemRoot\System32\Drivers\BTHUSB.sys

\SystemRoot\System32\Drivers\bthport.sys

\SystemRoot\System32\drivers\usbccgp.sys

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\system32\DRIVERS\BthLEEnum.sys

\SystemRoot\System32\drivers\rfcomm.sys

\SystemRoot\System32\drivers\BthEnum.sys

\SystemRoot\system32\DRIVERS\bthpan.sys

\SystemRoot\System32\drivers\btath_rcp.sys

\SystemRoot\system32\drivers\btath_avdt.sys

\SystemRoot\system32\drivers\btath_a2dp.sys

\SystemRoot\System32\drivers\btath_hcrp.sys

\SystemRoot\system32\DRIVERS\btath_flt.sys

\SystemRoot\system32\DRIVERS\btath_lwflt.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\DRIVERS\avgntflt.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\??\C:\windows\system32\drivers\iPodDrv.sys

\SystemRoot\system32\drivers\Ndu.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\System32\drivers\condrv.sys

\SystemRoot\system32\DRIVERS\cdfs.sys

\SystemRoot\system32\DRIVERS\asyncmac.sys

\SystemRoot\System32\drivers\monitor.sys

\SystemRoot\system32\DRIVERS\vwifimp.sys

\??\C:\windows\system32\drivers\mbamchameleon.sys

\??\C:\windows\system32\drivers\mbamswissarmy.sys

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8008499060

Upper Device Driver Name: \Driver\disk\

Lower Device Name: \Device\0000003c\

Lower Device Object: 0xfffffa80079b17f0

Lower Device Driver Name: \Driver\amd_sata\

Driver name found: amd_sata

Initialization returned 0x0

Port sub-driver loaded: \??\C:\Windows\System32\Drivers\storport.sys (0x0)

Load Function returned 0x0

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 4

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8008499060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8008499b10, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8008499060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\

DevicePointer: 0xfffffa80079b2b20, DeviceName: Unknown, DriverName: \Driver\amd_xata\

DevicePointer: 0xfffffa80079b17f0, DeviceName: \Device\0000003c\, DriverName: \Driver\amd_sata\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\

Upper DeviceData: 0xfffff8a00ae49e10, 0xfffffa8008499060, 0xfffffa80082b2740

Lower DeviceData: 0xfffff8a00d01bad0, 0xfffffa80079b17f0, 0xfffffa8007575090

Partition type: GUID

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 4

Partition type: GUID

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

This drive is a GPT Drive.

MBR Signature: 55AA

Disk Signature: 3AD3F720

 

GPT Protective MBR Partition information:

 

    Partition 0 type is EFI-GPT (0xee)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 1  Numsec = 4294967295

 

    Partition 1 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

GPT Partition information:

 

    GPT Header Signature 4546492050415254

    GPT Header Revision 65536 Size 92 CRC 2491018531

    GPT Header CurrentLba = 1 BackupLba 1953525167

    GPT Header FirstUsableLba 34  LastUsableLba 1953525134

    GPT Header Guid d943fd10-19-46f7-a65d-676455c535

    GPT Header Contains 128 partition entries starting at LBA 2

    GPT Header Partition entry size = 128

 

    Backup GPT header Signature 4546492050415254

    Backup GPT header Revision 65536 Size 92 CRC 2491018531

    Backup GPT header CurrentLba = 1953525167 BackupLba 1

    Backup GPT header FirstUsableLba 34  LastUsableLba 1953525134

    Backup GPT header Guid d943fd10-19-46f7-a65d-676455c535

    Backup GPT header Contains 128 partition entries starting at LBA 1953525135

    Backup GPT header Partition entry size = 128

 

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac

    Partition ID 31d6b398-9a4c-4915-82ab-13875450f6ad

    FirstLBA 2048  Last LBA 1026047

    Attributes 1

    Partition Name                 Basic data partition

 

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b

    Partition ID 7ea264b4-cc89-415a-b89-65fd94eb4e70

    FirstLBA 1026048  Last LBA 1640447

    Attributes 0

    Partition Name                 EFI system partition

 

    GPT Partition 1 is bootable

    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae

    Partition ID a86f5cc2-19e9-46d1-b4c6-80f3a7b49e5

    FirstLBA 1640448  Last LBA 1902591

    Attributes 0

    Partition Name         Microsoft reserved partition

 

    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7

    Partition ID 6e9cfd77-226b-4df1-998d-a983d171629b

    FirstLBA 1902592  Last LBA 1906642944

    Attributes 0

    Partition Name                 Basic data partition

 

    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac

    Partition ID 969dc38-db35-467a-bf59-2b6ec8976340

    FirstLBA 1906642945  Last LBA 1951426560

    Attributes 1

    Partition Name                 Basic data partition

 

    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac

    Partition ID 4297739d-e530-4de0-4173-636c65706975

    FirstLBA 1951426561  Last LBA 1953523712

    Attributes 1

    Partition Name                 Basic data partition

 

Disk Size: 1000204886016 bytes

Sector size: 512 bytes

 

Done!

Performing system, memory and registry scan...

Infected: c:\Users\Karl\downloads\garmin_canada_topo_saskatchewan.exe --> [PUP.Adware.Agent]

Infected: c:\Users\Karl\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\Q4FZSM43\517f0a642fe21[1].exe --> [Adware.MultiPlug]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\boot.img --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\CERT.RSA --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\CERT.SF --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\MANIFEST.MF --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\com --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\com\android --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\com\android\metadata --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\com\android\otacert --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\com\google --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\com\google\android --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\com\google\android\update-binary --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\com\google\android\updater-script --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\build.prop --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\addon.d --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\addon.d\50-cm.sh --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\addon.d\blacklist --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\defaultcontainerservice.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\livewallpapers.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\Apollo.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\applicationsprovider.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\backuprestoreconfirmation.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\basicdreams.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\bluetooth.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\Browser.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\calculator.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\Calendar.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\calendarprovider.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\cellbroadcastreceiver.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\certinstaller.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\cmfilemanager.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\cmupdater.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\cmwallpapers.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\Contacts.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\contactsprovider.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\deskclock.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\development.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\downloadprovider.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\downloadproviderui.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\drmprovider.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\dspmanager.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\Email2.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\exchange2.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\fusedlocation.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\Galaxy4.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\galaxys3settings.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\Gallery2.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\holospiralwallpaper.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\htmlviewer.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\inputdevices.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\KeyChain.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\LatinIME.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\livewallpaperspicker.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\lockclock.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\magicsmokewallpapers.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\mediaprovider.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\Mms.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\Nfc.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\noisefield.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\packageinstaller.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\phasebeam.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\Phone.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\phototable.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\PicoTts.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\provision.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\quicksearchbox.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\Settings.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\settingsprovider.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\sharedstoragebackup.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\soundrecorder.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\Stk.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\SystemUI.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\Tag.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\telephonyprovider.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\Term.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\themechooser.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\thememanager.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\Torch.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\trebuchet.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\userdictionaryprovider.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\videoeditor.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\visualizationwallpapers.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\voicedialer.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\vpndialogs.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\wappushmanager.apk --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\bugmailer.sh --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\fsck_msdos --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\abcc --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\adb --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\alsaucm_test --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\am --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\amix --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\aplay --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\applypatch --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\app_process --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\arec --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\atrace --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\audioloop --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\backuptool.functions --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\backuptool.sh --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\bcm4334.hcd --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\bcm4334_murata.hcd --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\bcm4334_semco.hcd --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\bmgr --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\bootanimation --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\bu --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\bugreport --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\codec --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\compcache --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\content --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\corrupt_gdt_free_blocks --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\dalvikvm --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\dbus-daemon --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\debuggerd --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\decoder --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\dexopt --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\dhcpcd --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\dnsmasq --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\drmserver --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\dumpstate --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\dumpsys --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\dump_image --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\e2fsck --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\erase_image --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\flash_image --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\gdbserver --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\gzip --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\handle_compcache --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\hostapd --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\hostapd_cli --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\ime --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\input --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\installd --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\ip --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\ip6tables --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\iptables --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\keystore --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\keystore_cli --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\linker --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\logcat --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\logwrapper --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\macloader --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\make_ext4fs --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\mdnsd --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\mediaserver --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\mke2fs --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\mksh --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\mm-qcamera-daemon --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\mm-vdec-omx-test --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\mm-venc-omx-test720p --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\mm-video-driver-test --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\mm-video-encdrv-test --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\monkey --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\mpdecision --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\mtpd --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\ndc --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\netcfg --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin\netd --> [Trojan.Siredef.C]

Done!

Scan finished

 

 

Mbar log

Malwarebytes Anti-Rootkit BETA 1.05.0.1001

www.malwarebytes.org

 

Database version: v2013.03.22.01

 

Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16540

Karl :: KARL [limited]

 

2013-05-01 7:46:08 PM

mbar-log-2013-05-01 (19-46-08).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 10202

Time elapsed: 25 minute(s), 40 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 10

c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att (Trojan.Siredef.C) -> Delete on reboot.

c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF (Trojan.Siredef.C) -> Delete on reboot.

c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\com (Trojan.Siredef.C) -> Delete on reboot.

c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\com\android (Trojan.Siredef.C) -> Delete on reboot.

c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\com\google (Trojan.Siredef.C) -> Delete on reboot.

c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\com\google\android (Trojan.Siredef.C) -> Delete on reboot.

c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system (Trojan.Siredef.C) -> Delete on reboot.

c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\addon.d (Trojan.Siredef.C) -> Delete on reboot.

c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app (Trojan.Siredef.C) -> Delete on reboot.

c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\bin (Trojan.Siredef.C) -> Delete on reboot.

 

Files Detected: 154

c:\Users\Karl\downloads\garmin_canada_topo_saskatchewan.exe (PUP.Adware.Agent) -> Delete on reboot.

c:\Users\Karl\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\Q4FZSM43\517f0a642fe21[1].exe (Adware.MultiPlug) -> Delete on reboot.

c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\boot.img (Trojan.Siredef.C) -> Delete on reboot.

c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\CERT.RSA (Trojan.Siredef.C) -> Delete on reboot.

c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\CERT.SF (Trojan.Siredef.C) -> Delete on reboot.

c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\MANIFEST.MF (Trojan.Siredef.C) -> Delete on reboot.

c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\com\android\metadata (Trojan.Siredef.C) -> Delete on reboot.

c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\com\android\otacert (Trojan.Siredef.C) -> Delete on reboot.

c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\com\google\android\update-binary (Trojan.Siredef.C) -> Delete on reboot.

c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\META-INF\com\google\android\updater-script (Trojan.Siredef.C) -> Delete on reboot.

c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\build.prop (Trojan.Siredef.C) -> Delete on reboot.

c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\addon.d\50-cm.sh (Trojan.Siredef.C) -> Delete on reboot.

c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\addon.d\blacklist (Trojan.Siredef.C) -> Delete on reboot.

c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\defaultcontainerservice.apk (Trojan.Siredef.C) -> Delete on reboot.

c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\livewallpapers.apk (Trojan.Siredef.C) -> Delete on reboot.

c:\$Recycle.Bin\s-1-5-21-3599311508-1225117502-3980116514-1001\$r9fjb57.1-20130415-nightly-d2att\system\app\Apollo.apk (Trojan.Siredef.C) -> Delete on reboot.


(end)



#5 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,760 posts
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:07 PM

Posted 01 May 2013 - 11:03 PM

You're infected with ZeroAccess rootkit.

It'll require elevated help.

 

Please follow the instructions in THIS GUIDE starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#6 krazyistkarl


Posted 01 May 2013 - 11:52 PM

Thank you Broni, I've created a new thread for ZeroAccess.

But back to privitizeVPN: it all started when I accidentally clicked on anonymous download on The Pirate Bay instead of download now. Right away Spybot and Avira caught it and I was quite sure it never installed. Is it possible for it to still affect my system? Or is it all cleared of that threat?



#7 Broni


Posted 02 May 2013 - 12:07 AM

You need to get your computer checked well in the malware removal forum.



 




