
trojan.agent.h detected


  • This topic is locked
17 replies to this topic

#1 likishi84


  • Members
  • 44 posts

Posted 16 May 2016 - 05:02 PM

Hi all, I have run Malwarebytes and it has come up with Trojan.Agent.H. No log, as when typing this Malwarebytes is still running. I have attached the FRST and Addition txt to this. I am also running ESET and will post the report when done, and Sophos Anti-Rootkit; will post all logs when done. Thanks in advance.

Here is the Malwarebytes report:


Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 16/05/2016
Scan Time: 21:18
Logfile: malware bytes.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.05.16.05
Rootkit Database: v2016.05.06.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: lee and kate
 
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 528049
Time Elapsed: 1 hr, 46 min, 47 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
Trojan.Agent.H, C:\Users\lee and kate\AppData\Local\Temp\is-4C8PV.tmp\precomp042.exe, , [9cf99f37b8e19c9a7579f10d37ca54ac], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Attached Files


Edited by likishi84, 16 May 2016 - 05:07 PM.
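Added example, not part of the post above and not Malwarebytes' own code: a small Python parser for the Malwarebytes Anti-Malware 2.x text report format quoted in this post, run over an excerpt reconstructed from that report. It separates the "Key: Value" settings from the detection lines under each result section and then raises the two points a reviewer would want to check before treating the report as the final word: the hit sits in an is-XXXX.tmp folder under %TEMP%, which is where Inno Setup based installers unpack themselves, so the real question is which installer dropped precomp042.exe; and the scan ran with Rootkits: Disabled (and Self-protection: Disabled), so a clean result says nothing about rootkit components. The names MbamDetection, MbamReport, parse_mbam_report and triage are this example's own, and the sample text is constructed from the posted report.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: an excerpt in the layout of the Malwarebytes Anti-Malware 2.x text
# report quoted above (most settings trimmed; the single Files detection kept as posted).
SAMPLE_MBAM_LOG = r"""
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 16/05/2016
Scan Time: 21:18
Administrator: Yes

Version: 2.2.1.1043
Self-protection: Disabled

Scan Type: Custom Scan
Result: Completed

Rootkits: Disabled
Heuristics: Enabled

Files: 1
Trojan.Agent.H, C:\Users\lee and kate\AppData\Local\Temp\is-4C8PV.tmp\precomp042.exe, , [9cf99f37b8e19c9a7579f10d37ca54ac], 

Physical Sectors: 0
(No malicious items detected)

(end)
"""

# Result sections of the 2.x report; each "Section: N" header is followed by N detection lines.
SECTIONS = {"Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors"}

KV_RE = re.compile(r"^([A-Za-z][A-Za-z0-9 .\-]*?):\s*(.*?)\s*$")
# "<threat>, <path or registry location>, <action, often empty>, [<32 hex token>],"
DET_RE = re.compile(
    r"^(?P<threat>[^,]+), (?P<target>.+?), (?P<action>[^,\[]*), \[(?P<log_id>[0-9a-f]{32})\],?$")
# %TEMP%\is-XXXXX.tmp\ is the directory an Inno Setup based installer unpacks itself into.
INNO_TEMP_RE = re.compile(r"\\Temp\\is-[A-Z0-9]+\.tmp\\", re.IGNORECASE)


@dataclass
class MbamDetection:
    section: str   # "Files", "Registry Keys", ...
    threat: str    # detection name, e.g. Trojan.Agent.H
    target: str    # file path or registry location
    action: str    # third field (e.g. "Quarantined"); empty in a scan-only report
    log_id: str    # the bracketed 32-hex token the report prints, kept verbatim


@dataclass
class MbamReport:
    settings: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)


def parse_mbam_report(text: str) -> MbamReport:
    report, section = MbamReport(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):      # blank, "(No malicious items detected)", "(end)"
            continue
        m = DET_RE.match(line)
        if m and section:
            report.detections.append(
                MbamDetection(section, m["threat"], m["target"], m["action"], m["log_id"]))
            continue
        m = KV_RE.match(line)
        if m:
            key, value = m.groups()
            if key in SECTIONS:
                section = key                      # following lines belong to this result section
            else:
                report.settings[key] = value
    return report


def triage(report: MbamReport) -> list:
    """Questions a reviewer should raise before treating this report as the final word."""
    notes = []
    if report.settings.get("Rootkits") == "Disabled":
        notes.append("rootkit scanning was disabled: the result says nothing about rootkit components")
    if report.settings.get("Self-protection") == "Disabled":
        notes.append("self-protection was disabled while the scan ran")
    for d in report.detections:
        if INNO_TEMP_RE.search(d.target):
            notes.append(f"{d.threat} in {d.target}: Inno Setup temp unpack dir; "
                         "find the installer that created it")
    return notes


if __name__ == "__main__":
    rep = parse_mbam_report(SAMPLE_MBAM_LOG)
    for d in rep.detections:
        print(f"{d.section}: {d.threat} -> {d.target}")
    for n in triage(rep):
        print("check:", n)
```

The parser keys on the section headers ("Files: 1") rather than on line shape alone, so a registry detection under "Registry Keys" is kept apart from a file detection with the same threat name.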




#2 likishi84

  • Topic Starter

  • Members
  • 44 posts

Posted 16 May 2016 - 05:11 PM

TDSSKiller report:

 

23:08:59.0241 0x16b8  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
23:08:59.0242 0x16b8  UEFI system
23:09:02.0637 0x16b8  ============================================================
23:09:02.0637 0x16b8  Current date / time: 2016/05/16 23:09:02.0637
23:09:02.0637 0x16b8  SystemInfo:
23:09:02.0637 0x16b8  
23:09:02.0637 0x16b8  OS Version: 10.0.10586 ServicePack: 0.0
23:09:02.0637 0x16b8  Product type: Workstation
23:09:02.0637 0x16b8  ComputerName: DESKTOP-UD1NUK5
23:09:02.0637 0x16b8  UserName: lee and kate
23:09:02.0637 0x16b8  Windows directory: C:\WINDOWS
23:09:02.0637 0x16b8  System windows directory: C:\WINDOWS
23:09:02.0637 0x16b8  Running under WOW64
23:09:02.0637 0x16b8  Processor architecture: Intel x64
23:09:02.0637 0x16b8  Number of processors: 4
23:09:02.0637 0x16b8  Page size: 0x1000
23:09:02.0637 0x16b8  Boot type: Normal boot
23:09:02.0637 0x16b8  ============================================================
23:09:14.0574 0x16b8  KLMD registered as C:\WINDOWS\system32\drivers\13864263.sys
23:09:15.0886 0x16b8  System UUID: {EC705BBA-7D7A-766C-6C24-B2E143CAEB10}
23:09:17.0036 0x16b8  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:09:17.0061 0x16b8  ============================================================
23:09:17.0061 0x16b8  \Device\Harddisk0\DR0:
23:09:17.0120 0x16b8  GPT partitions:
23:09:17.0142 0x16b8  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {FA9777FD-FF3B-49CC-A924-7EFC085E4334}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x1FF800
23:09:17.0142 0x16b8  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {9095F7F5-B29A-483E-AE09-81F6AA6B1E40}, Name: EFI system partition, StartLBA 0x200000, BlocksNum 0xB4000
23:09:17.0142 0x16b8  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {09C5919F-DF8C-47BB-B3D6-E6007F308935}, Name: Microsoft reserved partition, StartLBA 0x2B4000, BlocksNum 0x40000
23:09:17.0142 0x16b8  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {97D7A7AB-E51F-4591-B236-A2CB5D457152}, Name: Basic data partition, StartLBA 0x2F4000, BlocksNum 0x72180000
23:09:17.0142 0x16b8  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {E048E9A5-B59E-4DC5-94EA-D2A86E16909F}, Name: , StartLBA 0x72474000, BlocksNum 0xE1000
23:09:17.0142 0x16b8  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {C6AC5BE5-78B7-44D6-8F26-6A474F697AB0}, Name: , StartLBA 0x72555000, BlocksNum 0xE1800
23:09:17.0142 0x16b8  \Device\Harddisk0\DR0\Partition7: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {2289C0CB-9F38-4E2D-BD5B-45D59A24E9C2}, Name: Basic data partition, StartLBA 0x72636800, BlocksNum 0x20D0000
23:09:17.0142 0x16b8  MBR partitions:
23:09:17.0142 0x16b8  ============================================================
23:09:17.0220 0x16b8  C: <-> \Device\Harddisk0\DR0\Partition4
23:09:17.0293 0x16b8  D: <-> \Device\Harddisk0\DR0\Partition7
23:09:17.0293 0x16b8  ============================================================
23:09:17.0293 0x16b8  Initialize success
23:09:17.0293 0x16b8  ============================================================
23:09:26.0011 0x01e8  ============================================================
23:09:26.0011 0x01e8  Scan started
23:09:26.0011 0x01e8  Mode: Manual; SigCheck; TDLFS; 
23:09:26.0011 0x01e8  ============================================================
23:09:26.0011 0x01e8  KSN ping started
23:09:28.0510 0x01e8  KSN ping finished: true
23:09:34.0059 0x01e8  ================ Scan system memory ========================
23:09:34.0059 0x01e8  System memory - ok
23:09:34.0059 0x01e8  ================ Scan services =============================
23:09:34.0630 0x01e8  1394ohci - ok
23:09:34.0633 0x01e8  3ware - ok
23:09:34.0663 0x01e8  ACPI - ok
23:09:34.0695 0x01e8  acpiex - ok
23:09:34.0697 0x01e8  acpipagr - ok
23:09:34.0724 0x01e8  AcpiPmi - ok
23:09:34.0734 0x01e8  acpitime - ok
23:09:34.0738 0x01e8  ADP80XX - ok
23:09:34.0752 0x01e8  AFD - ok
23:09:34.0755 0x01e8  agp440 - ok
23:09:34.0762 0x01e8  ahcache - ok
23:09:34.0777 0x01e8  AJRouter - ok
23:09:34.0819 0x01e8  ALG - ok
23:09:34.0862 0x01e8  [ D2AC5BEE06DAD97FBDB9E0D743C800A4, 8BCE35C6808DABB657CD587B6F97E5EA006A50B9942FE3D1DAEDDF9702FA0136 ] AMD External Events Utility C:\WINDOWS\system32\atiesrxx.exe
23:09:35.0121 0x01e8  AMD External Events Utility - ok
23:09:35.0280 0x01e8  AmdK8 - ok
23:09:35.0311 0x01e8  [ B28145E732EDEBBEDABC311DBA56D52A, 43745C17A3AC2A7A6FB0DBF1A2158C6B365198581E8E3B1F7E7E9EE9763A2735 ] amdkmafd        C:\WINDOWS\system32\drivers\amdkmafd.sys
23:09:35.0373 0x01e8  amdkmafd - ok
23:09:35.0405 0x01e8  amdkmdag - ok
23:09:35.0489 0x01e8  [ DF91A7FE2D8F487EE5769BAC2D297D76, B401E2A14AB1E4194C19DF5C938A57262B55751C344E94864DCCC6304F1027FF ] amdkmdap        C:\WINDOWS\system32\DRIVERS\atikmpag.sys
23:09:35.0516 0x01e8  amdkmdap - ok
23:09:35.0525 0x01e8  AmdPPM - ok
23:09:35.0528 0x01e8  amdsata - ok
23:09:35.0531 0x01e8  amdsbs - ok
23:09:35.0533 0x01e8  amdxata - ok
23:09:35.0554 0x01e8  AppID - ok
23:09:35.0584 0x01e8  AppIDSvc - ok
23:09:35.0584 0x01e8  Appinfo - ok
23:09:35.0598 0x01e8  AppReadiness - ok
23:09:35.0622 0x01e8  AppXSvc - ok
23:09:35.0638 0x01e8  arcsas - ok
23:09:35.0638 0x01e8  AsyncMac - ok
23:09:35.0638 0x01e8  atapi - ok
23:09:35.0669 0x01e8  [ 2A38B5218A7BE3CE0E0B3D92E3844782, 2B0799EF6E5A5EE65AC91E394F6C0EDE95067BB96567FD25DA0C003F9FB7E84E ] AtiHDAudioService C:\WINDOWS\system32\drivers\AtihdWT6.sys
23:09:35.0684 0x01e8  AtiHDAudioService - ok
23:09:35.0716 0x01e8  AudioEndpointBuilder - ok
23:09:35.0751 0x01e8  Audiosrv - ok
23:09:35.0757 0x01e8  AxInstSV - ok
23:09:35.0762 0x01e8  b06bdrv - ok
23:09:35.0793 0x01e8  BasicDisplay - ok
23:09:35.0809 0x01e8  BasicRender - ok
23:09:35.0840 0x01e8  bcmfn - ok
23:09:35.0840 0x01e8  bcmfn2 - ok
23:09:35.0855 0x01e8  BDESVC - ok
23:09:35.0887 0x01e8  Beep - ok
23:09:35.0918 0x01e8  BFE - ok
23:09:35.0934 0x01e8  BITS - ok
23:09:35.0934 0x01e8  bowser - ok
23:09:35.0949 0x01e8  BrokerInfrastructure - ok
23:09:35.0965 0x01e8  Browser - ok
23:09:35.0998 0x01e8  BthAvrcpTg - ok
23:09:36.0012 0x01e8  BthHFEnum - ok
23:09:36.0027 0x01e8  bthhfhid - ok
23:09:36.0043 0x01e8  BthHFSrv - ok
23:09:36.0058 0x01e8  BTHMODEM - ok
23:09:36.0074 0x01e8  bthserv - ok
23:09:36.0074 0x01e8  buttonconverter - ok
23:09:36.0355 0x01e8  [ DF86BED1D3EF519E33C6816A96C7BF9D, 435E61A03E1E56C7D727DE8C401B8D71BD599B188270645F66744B04A5EB27E1 ] c2cautoupdatesvc C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
23:09:36.0402 0x01e8  c2cautoupdatesvc - ok
23:09:36.0654 0x01e8  [ 461743EB55ABCE22AA2D330552E95A3F, AFF85E1AEEF57B9F0403DE21B7BCAB356217001937B09AC3C2F8B1056E0A0605 ] c2cpnrsvc       C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
23:09:36.0716 0x01e8  c2cpnrsvc - ok
23:09:36.0738 0x01e8  CapImg - ok
23:09:36.0741 0x01e8  cdfs - ok
23:09:36.0760 0x01e8  CDPSvc - ok
23:09:36.0762 0x01e8  cdrom - ok
23:09:36.0762 0x01e8  CertPropSvc - ok
23:09:36.0762 0x01e8  circlass - ok
23:09:36.0777 0x01e8  CLFS - ok
23:09:36.0793 0x01e8  ClipSVC - ok
23:09:36.0809 0x01e8  CmBatt - ok
23:09:36.0824 0x01e8  CNG - ok
23:09:36.0824 0x01e8  cnghwassist - ok
23:09:37.0137 0x01e8  CompositeBus - ok
23:09:37.0137 0x01e8  COMSysApp - ok
23:09:37.0152 0x01e8  condrv - ok
23:09:37.0183 0x01e8  CoreMessagingRegistrar - ok
23:09:37.0236 0x01e8  CryptSvc - ok
23:09:37.0254 0x01e8  dam - ok
23:09:37.0281 0x01e8  DcomLaunch - ok
23:09:37.0312 0x01e8  DcpSvc - ok
23:09:37.0359 0x01e8  defragsvc - ok
23:09:37.0390 0x01e8  DeviceAssociationService - ok
23:09:37.0468 0x01e8  DeviceInstall - ok
23:09:37.0505 0x01e8  DevQueryBroker - ok
23:09:37.0527 0x01e8  Dfsc - ok
23:09:37.0558 0x01e8  [ D722BC26F7431A4DA9A183E56CA9FEE3, 86AB717431CB3DDAF6213A1CFE8DF3684080BAAD569731A90AA1AA198E97506D ] dg_ssudbus      C:\WINDOWS\system32\DRIVERS\ssudbus.sys
23:09:37.0590 0x01e8  dg_ssudbus - ok
23:09:37.0595 0x01e8  Dhcp - ok
23:09:37.0638 0x01e8  diagnosticshub.standardcollector.service - ok
23:09:37.0669 0x01e8  DiagTrack - ok
23:09:37.0684 0x01e8  disk - ok
23:09:37.0744 0x01e8  DmEnrollmentSvc - ok
23:09:37.0756 0x01e8  dmvsc - ok
23:09:37.0762 0x01e8  dmwappushservice - ok
23:09:37.0777 0x01e8  Dnscache - ok
23:09:37.0793 0x01e8  dot3svc - ok
23:09:37.0824 0x01e8  DPS - ok
23:09:37.0855 0x01e8  drmkaud - ok
23:09:38.0254 0x01e8  [ 8407DDFAB85AE664E507C30314090385, 05F052C64D192CF69A462A5EC16DDA0D43CA5D0245900C9FCB9201685A2E7748 ] DrvAgent64      C:\WINDOWS\SysWOW64\Drivers\DrvAgent64.SYS
23:09:38.0278 0x01e8  DrvAgent64 - ok
23:09:38.0317 0x01e8  DsmSvc - ok
23:09:38.0354 0x01e8  DsSvc - ok
23:09:38.0388 0x01e8  DXGKrnl - ok
23:09:38.0412 0x01e8  Eaphost - ok
23:09:38.0435 0x01e8  ebdrv - ok
23:09:38.0453 0x01e8  EFS - ok
23:09:38.0467 0x01e8  EhStorClass - ok
23:09:38.0488 0x01e8  EhStorTcgDrv - ok
23:09:38.0519 0x01e8  embeddedmode - ok
23:09:38.0542 0x01e8  EntAppSvc - ok
23:09:38.0545 0x01e8  ErrDev - ok
23:09:38.0559 0x01e8  EventSystem - ok
23:09:38.0570 0x01e8  exfat - ok
23:09:38.0586 0x01e8  fastfat - ok
23:09:38.0605 0x01e8  Fax - ok
23:09:38.0608 0x01e8  fdc - ok
23:09:38.0620 0x01e8  fdPHost - ok
23:09:38.0625 0x01e8  FDResPub - ok
23:09:38.0643 0x01e8  fhsvc - ok
23:09:38.0677 0x01e8  FileCrypt - ok
23:09:38.0701 0x01e8  FileInfo - ok
23:09:38.0704 0x01e8  Filetrace - ok
23:09:38.0708 0x01e8  flpydisk - ok
23:09:38.0718 0x01e8  FltMgr - ok
23:09:38.0729 0x01e8  FontCache - ok
23:09:38.0823 0x01e8  FontCache3.0.0.0 - ok
23:09:38.0839 0x01e8  FsDepends - ok
23:09:38.0839 0x01e8  Fs_Rec - ok
23:09:38.0854 0x01e8  fvevol - ok
23:09:38.0877 0x01e8  gagp30kx - ok
23:09:38.0921 0x01e8  gencounter - ok
23:09:38.0952 0x01e8  genericusbfn - ok
23:09:38.0952 0x01e8  GPIOClx0101 - ok
23:09:38.0968 0x01e8  gpsvc - ok
23:09:38.0992 0x01e8  GpuEnergyDrv - ok
23:09:39.0058 0x01e8  [ 750446ED76A5D13E902174DDDDA1A62B, F67355A6659E21D8D97E6982B28F22453F8C298E822E27FADDB440DA4A6DE7C0 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:09:39.0074 0x01e8  gupdate - ok
23:09:39.0090 0x01e8  [ 750446ED76A5D13E902174DDDDA1A62B, F67355A6659E21D8D97E6982B28F22453F8C298E822E27FADDB440DA4A6DE7C0 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:09:39.0090 0x01e8  gupdatem - ok
23:09:39.0105 0x01e8  HdAudAddService - ok
23:09:39.0105 0x01e8  HDAudBus - ok
23:09:39.0121 0x01e8  HidBatt - ok
23:09:39.0124 0x01e8  HidBth - ok
23:09:39.0131 0x01e8  hidi2c - ok
23:09:39.0144 0x01e8  hidinterrupt - ok
23:09:39.0148 0x01e8  HidIr - ok
23:09:39.0151 0x01e8  hidserv - ok
23:09:39.0171 0x01e8  HidUsb - ok
23:09:39.0181 0x01e8  HomeGroupListener - ok
23:09:39.0194 0x01e8  HomeGroupProvider - ok
23:09:39.0456 0x01e8  [ 7B7DE6B3DC30F3246958F42C67A6F7BB, 4B66B90CFEC2231B905B21DECC4EC7C6500E546F080A452EF67E724EDF37ADD9 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
23:09:39.0514 0x01e8  hpqwmiex - ok
23:09:39.0522 0x01e8  HpSAMD - ok
23:09:39.0588 0x01e8  [ 05E4EABEBBAEF43DE578B2560A35930F, 921B3BB97F533AD0111DF89B3AEF137194AE9AE146199CA6C3F23FF47AE1BCD3 ] HPSupportSolutionsFrameworkService C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
23:09:39.0604 0x01e8  HPSupportSolutionsFrameworkService - ok
23:09:39.0635 0x01e8  HTTP - ok
23:09:39.0666 0x01e8  hwpolicy - ok
23:09:39.0682 0x01e8  hyperkbd - ok
23:09:39.0682 0x01e8  HyperVideo - ok
23:09:39.0682 0x01e8  i8042prt - ok
23:09:39.0697 0x01e8  iai2c - ok
23:09:39.0729 0x01e8  iaLPSS2i_I2C - ok
23:09:39.0750 0x01e8  iaLPSSi_GPIO - ok
23:09:39.0762 0x01e8  iaLPSSi_I2C - ok
23:09:39.0762 0x01e8  iaStorAV - ok
23:09:39.0762 0x01e8  iaStorV - ok
23:09:39.0762 0x01e8  ibbus - ok
23:09:39.0777 0x01e8  icssvc - ok
23:09:39.0793 0x01e8  IEEtwCollectorService - ok
23:09:39.0793 0x01e8  IKEEXT - ok
23:09:39.0808 0x01e8  intelide - ok
23:09:39.0808 0x01e8  intelpep - ok
23:09:39.0824 0x01e8  intelppm - ok
23:09:39.0824 0x01e8  IoQos - ok
23:09:39.0840 0x01e8  IpFilterDriver - ok
23:09:39.0855 0x01e8  iphlpsvc - ok
23:09:39.0855 0x01e8  IPMIDRV - ok
23:09:39.0871 0x01e8  IPNAT - ok
23:09:39.0871 0x01e8  IRENUM - ok
23:09:39.0887 0x01e8  isapnp - ok
23:09:39.0887 0x01e8  iScsiPrt - ok
23:09:39.0902 0x01e8  kbdclass - ok
23:09:39.0902 0x01e8  kbdhid - ok
23:09:39.0918 0x01e8  kdnic - ok
23:09:39.0918 0x01e8  KeyIso - ok
23:09:39.0918 0x01e8  KSecDD - ok
23:09:39.0965 0x01e8  KSecPkg - ok
23:09:39.0965 0x01e8  ksthunk - ok
23:09:40.0004 0x01e8  KtmRm - ok
23:09:40.0027 0x01e8  LanmanServer - ok
23:09:40.0058 0x01e8  LanmanWorkstation - ok
23:09:40.0090 0x01e8  lfsvc - ok
23:09:40.0121 0x01e8  LicenseManager - ok
23:09:40.0137 0x01e8  lltdio - ok
23:09:40.0152 0x01e8  lltdsvc - ok
23:09:40.0183 0x01e8  lmhosts - ok
23:09:40.0199 0x01e8  LSI_SAS - ok
23:09:40.0199 0x01e8  LSI_SAS2i - ok
23:09:40.0215 0x01e8  LSI_SAS3i - ok
23:09:40.0230 0x01e8  LSI_SSS - ok
23:09:40.0246 0x01e8  LSM - ok
23:09:40.0249 0x01e8  luafv - ok
23:09:40.0262 0x01e8  MapsBroker - ok
23:09:40.0340 0x01e8  [ 78BFF5425E044086E74E78650A359FBB, 294738C10F3ED933D4EC40EA0659372FCF19A3C6D45D356917438CA495F2CB45 ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
23:09:40.0355 0x01e8  MBAMProtector - ok
23:09:40.0527 0x01e8  [ 9611577752E293259C7DCE19E9026362, 8CB5DFD63FA15603BB6FA6B501E09ED7F4DE0E8F68CB28B78CECAC3711BEFD24 ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
23:09:40.0574 0x01e8  MBAMScheduler - ok
23:09:40.0683 0x01e8  [ F1A89A34388B5626F1548D393B23ECB1, EA00AC76C4C8C9340753B58A3313C9177A9B98F9F1BDE08F184CD0F53D0C186F ] MBAMService     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
23:09:40.0730 0x01e8  MBAMService - ok
23:09:40.0793 0x01e8  [ 78488AF2AB2111D67B3C4044707A519B, 7AA71B9C4C7949A1A21F60EF7CCEDE0079794990696B60557B5DC86F4D47223A ] MBAMSwissArmy   C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
23:09:40.0809 0x01e8  MBAMSwissArmy - ok
23:09:40.0824 0x01e8  [ 898415AC0B5F1D2A9A48ABCB68A6DC4B, E1FD9AE5E22E3E5A18288E66A6184E92A4B63A1274DCE147A7728BB09C6A225E ] MBAMWebAccessControl C:\WINDOWS\system32\drivers\mwac.sys
23:09:40.0840 0x01e8  MBAMWebAccessControl - ok
23:09:40.0840 0x01e8  megasas - ok
23:09:40.0856 0x01e8  megasr - ok
23:09:40.0903 0x01e8  [ 6D1671CB2E5402F01D2F13ECF764CAA1, 4778630F602FE8F9B9112DC5BB7A179632000D10D80C28E93711404108FCC6E0 ] MEIx64          C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys
23:09:40.0918 0x01e8  MEIx64 - ok
23:09:40.0965 0x01e8  [ D70476AD02D6FD75282B196D3B58831D, F93565261EC57F43445C082DBCE5CE0D4B121A5C34B818A09AB5B311457588FD ] MEMSWEEP2       C:\WINDOWS\system32\3098.tmp
23:09:41.0058 0x01e8  MEMSWEEP2 - detected UnsignedFile.Multi.Generic ( 1 )
23:09:43.0426 0x01e8  Detect skipped due to KSN trusted
23:09:43.0426 0x01e8  MEMSWEEP2 - ok
23:09:43.0457 0x01e8  MessagingService - ok
23:09:43.0605 0x01e8  mlx4_bus - ok
23:09:43.0621 0x01e8  MMCSS - ok
23:09:43.0621 0x01e8  Modem - ok
23:09:43.0637 0x01e8  monitor - ok
23:09:43.0637 0x01e8  mouclass - ok
23:09:43.0652 0x01e8  mouhid - ok
23:09:43.0652 0x01e8  mountmgr - ok
23:09:43.0668 0x01e8  mpsdrv - ok
23:09:43.0699 0x01e8  MpsSvc - ok
23:09:43.0699 0x01e8  MRxDAV - ok
23:09:43.0730 0x01e8  mrxsmb - ok
23:09:43.0762 0x01e8  mrxsmb10 - ok
23:09:43.0762 0x01e8  mrxsmb20 - ok
23:09:43.0777 0x01e8  MsBridge - ok
23:09:43.0793 0x01e8  MSDTC - ok
23:09:43.0809 0x01e8  Msfs - ok
23:09:43.0840 0x01e8  msgpiowin32 - ok
23:09:43.0840 0x01e8  mshidkmdf - ok
23:09:43.0840 0x01e8  mshidumdf - ok
23:09:43.0840 0x01e8  msisadrv - ok
23:09:43.0871 0x01e8  MSiSCSI - ok
23:09:43.0871 0x01e8  msiserver - ok
23:09:43.0871 0x01e8  MSKSSRV - ok
23:09:43.0887 0x01e8  MsLldp - ok
23:09:43.0887 0x01e8  MSPCLOCK - ok
23:09:43.0902 0x01e8  MSPQM - ok
23:09:43.0902 0x01e8  MsRPC - ok
23:09:43.0902 0x01e8  mssmbios - ok
23:09:43.0902 0x01e8  MSTEE - ok
23:09:43.0918 0x01e8  MTConfig - ok
23:09:43.0918 0x01e8  Mup - ok
23:09:43.0934 0x01e8  mvumis - ok
23:09:43.0949 0x01e8  NativeWifiP - ok
23:09:43.0980 0x01e8  NcaSvc - ok
23:09:44.0043 0x01e8  NcbService - ok
23:09:44.0043 0x01e8  NcdAutoSetup - ok
23:09:44.0058 0x01e8  ndfltr - ok
23:09:44.0058 0x01e8  NDIS - ok
23:09:44.0074 0x01e8  NdisCap - ok
23:09:44.0074 0x01e8  NdisImPlatform - ok
23:09:44.0090 0x01e8  NdisTapi - ok
23:09:44.0090 0x01e8  Ndisuio - ok
23:09:44.0090 0x01e8  NdisVirtualBus - ok
23:09:44.0090 0x01e8  NdisWan - ok
23:09:44.0105 0x01e8  ndiswanlegacy - ok
23:09:44.0121 0x01e8  ndproxy - ok
23:09:44.0121 0x01e8  Ndu - ok
23:09:44.0121 0x01e8  NetBIOS - ok
23:09:44.0121 0x01e8  NetBT - ok
23:09:44.0137 0x01e8  Netlogon - ok
23:09:44.0152 0x01e8  Netman - ok
23:09:44.0168 0x01e8  netprofm - ok
23:09:44.0183 0x01e8  netr28x - ok
23:09:44.0199 0x01e8  NetSetupSvc - ok
23:09:44.0355 0x01e8  NetTcpPortSharing - ok
23:09:44.0371 0x01e8  netvsc - ok
23:09:44.0418 0x01e8  NgcCtnrSvc - ok
23:09:44.0433 0x01e8  NgcSvc - ok
23:09:44.0449 0x01e8  NlaSvc - ok
23:09:44.0465 0x01e8  Npfs - ok
23:09:44.0509 0x01e8  npsvctrig - ok
23:09:44.0512 0x01e8  nsi - ok
23:09:44.0528 0x01e8  nsiproxy - ok
23:09:44.0559 0x01e8  NTFS - ok
23:09:44.0574 0x01e8  Null - ok
23:09:44.0574 0x01e8  NVHDA - ok
23:09:44.0574 0x01e8  nvlddmkm - ok
23:09:44.0590 0x01e8  nvraid - ok
23:09:44.0606 0x01e8  nvstor - ok
23:09:44.0606 0x01e8  nv_agp - ok
23:09:44.0621 0x01e8  OneSyncSvc - ok
23:09:44.0793 0x01e8  [ 11E0B35479C895888BA3D7F619DCFFF3, 6ED82C19898101EC00BD64A9F90595C3D20AD2D2902AA8765B740FB3B9312DDF ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:09:44.0808 0x01e8  ose64 - ok
23:09:44.0840 0x01e8  p2pimsvc - ok
23:09:44.0871 0x01e8  p2psvc - ok
23:09:44.0918 0x01e8  Parport - ok
23:09:44.0918 0x01e8  partmgr - ok
23:09:44.0949 0x01e8  PcaSvc - ok
23:09:45.0058 0x01e8  pci - ok
23:09:45.0074 0x01e8  pciide - ok
23:09:45.0090 0x01e8  pcmcia - ok
23:09:45.0105 0x01e8  pcw - ok
23:09:45.0105 0x01e8  pdc - ok
23:09:45.0121 0x01e8  PEAUTH - ok
23:09:45.0137 0x01e8  percsas2i - ok
23:09:45.0152 0x01e8  percsas3i - ok
23:09:45.0606 0x01e8  PerfHost - ok
23:09:45.0637 0x01e8  PhoneSvc - ok
23:09:45.0652 0x0298  Object required for P2P: [ DF91A7FE2D8F487EE5769BAC2D297D76 ] amdkmdap
23:09:45.0684 0x01e8  PimIndexMaintenanceSvc - ok
23:09:45.0715 0x01e8  pla - ok
23:09:45.0751 0x01e8  PlugPlay - ok
23:09:45.0762 0x01e8  PNRPAutoReg - ok
23:09:45.0777 0x01e8  PNRPsvc - ok
23:09:45.0808 0x01e8  PolicyAgent - ok
23:09:45.0808 0x01e8  Power - ok
23:09:45.0840 0x01e8  PptpMiniport - ok
23:09:45.0902 0x01e8  PrintNotify - ok
23:09:45.0933 0x01e8  Processor - ok
23:09:45.0951 0x01e8  ProfSvc - ok
23:09:45.0968 0x01e8  Psched - ok
23:09:45.0981 0x01e8  QWAVE - ok
23:09:45.0989 0x01e8  QWAVEdrv - ok
23:09:46.0011 0x01e8  RasAcd - ok
23:09:46.0024 0x01e8  RasAgileVpn - ok
23:09:46.0049 0x01e8  RasAuto - ok
23:09:46.0081 0x01e8  Rasl2tp - ok
23:09:46.0098 0x01e8  RasMan - ok
23:09:46.0101 0x01e8  RasPppoe - ok
23:09:46.0104 0x01e8  RasSstp - ok
23:09:46.0107 0x01e8  rdbss - ok
23:09:46.0112 0x01e8  rdpbus - ok
23:09:46.0116 0x01e8  RDPDR - ok
23:09:46.0142 0x01e8  RdpVideoMiniport - ok
23:09:46.0146 0x01e8  rdyboost - ok
23:09:46.0148 0x01e8  ReFSv1 - ok
23:09:46.0163 0x01e8  RemoteAccess - ok
23:09:46.0184 0x01e8  RemoteRegistry - ok
23:09:46.0221 0x01e8  RetailDemo - ok
23:09:46.0234 0x01e8  RpcEptMapper - ok
23:09:46.0274 0x01e8  RpcLocator - ok
23:09:46.0286 0x01e8  RpcSs - ok
23:09:46.0305 0x01e8  rspndr - ok
23:09:46.0465 0x01e8  [ 9A4CB33560A25CF7ACDE1C1E3C7B1A28, A62B6E555CB1D20328608829BEB90E8B882F4380BB65598C255258159A78801F ] rt640x64        C:\WINDOWS\System32\drivers\rt640x64.sys
23:09:46.0507 0x01e8  rt640x64 - ok
23:09:46.0524 0x01e8  s3cap - ok
23:09:46.0527 0x01e8  SamSs - ok
23:09:46.0546 0x01e8  sbp2port - ok
23:09:46.0557 0x01e8  SCardSvr - ok
23:09:46.0604 0x01e8  [ BAC92F6380AD959629B309613CE53B4A, DC93348827AFAFF5D5D12CB1F673579C8441AB39243E103EFB414AB80567CFCF ] SCDEmu          C:\WINDOWS\system32\drivers\SCDEmu.sys
23:09:46.0615 0x01e8  SCDEmu - ok
23:09:46.0623 0x01e8  ScDeviceEnum - ok
23:09:46.0633 0x01e8  scfilter - ok
23:09:46.0651 0x01e8  Schedule - ok
23:09:46.0682 0x01e8  SCPolicySvc - ok
23:09:46.0709 0x01e8  sdbus - ok
23:09:46.0725 0x01e8  SDRSVC - ok
23:09:46.0745 0x01e8  sdstor - ok
23:09:46.0757 0x01e8  seclogon - ok
23:09:46.0773 0x01e8  SENS - ok
23:09:46.0788 0x01e8  SensorDataService - ok
23:09:46.0836 0x01e8  SensorService - ok
23:09:46.0856 0x01e8  SensrSvc - ok
23:09:46.0859 0x01e8  SerCx - ok
23:09:46.0882 0x01e8  SerCx2 - ok
23:09:46.0935 0x01e8  Serenum - ok
23:09:46.0949 0x01e8  Serial - ok
23:09:46.0955 0x01e8  sermouse - ok
23:09:46.0998 0x01e8  SessionEnv - ok
23:09:47.0009 0x01e8  sfloppy - ok
23:09:47.0028 0x01e8  SharedAccess - ok
23:09:47.0087 0x01e8  ShellHWDetection - ok
23:09:47.0090 0x01e8  SiSRaid2 - ok
23:09:47.0094 0x01e8  SiSRaid4 - ok
23:09:47.0299 0x01e8  [ 9A66A87BBC0EC4463042959B7C0D4AC1, 2E61DC50AD4A4D4782F3271BAD010137DA9A6AFC46C7568C709F68C7621DCD40 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
23:09:47.0319 0x01e8  SkypeUpdate - ok
23:09:47.0358 0x01e8  smphost - ok
23:09:47.0382 0x01e8  SmsRouter - ok
23:09:47.0397 0x01e8  SNMPTRAP - ok
23:09:47.0441 0x01e8  spaceport - ok
23:09:47.0444 0x01e8  SpbCx - ok
23:09:47.0491 0x01e8  Spooler - ok
23:09:47.0509 0x01e8  sppsvc - ok
23:09:47.0512 0x01e8  srv - ok
23:09:47.0522 0x01e8  srv2 - ok
23:09:47.0525 0x01e8  srvnet - ok
23:09:47.0549 0x01e8  SSDPSRV - ok
23:09:47.0564 0x01e8  SstpSvc - ok
23:09:47.0637 0x01e8  [ 9B74226E10CD57E965F87014841016F9, 95C76049DBBF3B31A9B01CFD0EDAAC47DE9A1F096B61D05C47FB85E1AFC07288 ] ssudmdm         C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
23:09:47.0651 0x01e8  ssudmdm - ok
23:09:47.0762 0x01e8  [ 97F839E8AEC48EE271509BF4BC764C24, 7B9B791E987ADC8991C128CD52CB253F295E41DF502BF8933DF388994E84560D ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
23:09:47.0826 0x01e8  STacSV - detected UnsignedFile.Multi.Generic ( 1 )
23:09:48.0081 0x0298  Object send P2P result: true
23:09:50.0157 0x01e8  Detect skipped due to KSN trusted
23:09:50.0157 0x01e8  STacSV - ok
23:09:50.0173 0x01e8  StateRepository - ok
23:09:50.0375 0x01e8  [ BE826A247D22F2FDF24B92AD40049F89, 06996ECCE5A694DEFDC99DB56F45DD0ABD9A2150581F1FD132FBBD863C474DE3 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
23:09:50.0438 0x01e8  Steam Client Service - ok
23:09:50.0438 0x01e8  stexstor - ok
23:09:50.0493 0x01e8  [ 7E89F65EB250463EE8665CFE19566FC3, 45849BAFA62E72A97103C5F02962D346D3F79DE9DB07297D1073FF355A506D9C ] STHDA           C:\WINDOWS\system32\DRIVERS\stwrt64.sys
23:09:50.0590 0x01e8  STHDA - ok
23:09:50.0621 0x01e8  stisvc - ok
23:09:50.0621 0x01e8  storahci - ok
23:09:50.0652 0x01e8  storflt - ok
23:09:50.0668 0x01e8  stornvme - ok
23:09:50.0684 0x01e8  storqosflt - ok
23:09:50.0715 0x01e8  StorSvc - ok
23:09:50.0715 0x01e8  storufs - ok
23:09:50.0730 0x01e8  storvsc - ok
23:09:50.0762 0x01e8  svsvc - ok
23:09:50.0762 0x01e8  swenum - ok
23:09:50.0777 0x01e8  swprv - ok
23:09:50.0827 0x01e8  Synth3dVsc - ok
23:09:50.0858 0x01e8  SysMain - ok
23:09:50.0874 0x01e8  SystemEventsBroker - ok
23:09:50.0905 0x01e8  TabletInputService - ok
23:09:50.0921 0x01e8  TapiSrv - ok
23:09:50.0952 0x01e8  Tcpip - ok
23:09:50.0952 0x01e8  Tcpip6 - ok
23:09:50.0968 0x01e8  tcpipreg - ok
23:09:50.0989 0x01e8  tdx - ok
23:09:51.0004 0x01e8  terminpt - ok
23:09:51.0009 0x01e8  TermService - ok
23:09:51.0012 0x01e8  Themes - ok
23:09:51.0028 0x01e8  TieringEngineService - ok
23:09:51.0075 0x01e8  tiledatamodelsvc - ok
23:09:51.0106 0x01e8  [ 2131FB417D02BEDD50A77DAD7DE9D745, D648986EE5E4810BF48E9AA0466FE136A0655ACE8208E52C83C9A9689990C1FC ] tilfilter       C:\WINDOWS\System32\drivers\TIxHCIlfilter.sys
23:09:51.0106 0x01e8  tilfilter - ok
23:09:51.0153 0x01e8  TimeBroker - ok
23:09:51.0168 0x01e8  [ 2B799F6B43D19AB41F5B92B9989200D5, 3F9607FF1F6375C273508BD883ED847CB93DA311DC96FC27535F6B6EA56711E0 ] tiufilter       C:\WINDOWS\System32\drivers\TIxHCIufilter.sys
23:09:51.0184 0x01e8  tiufilter - ok
23:09:51.0184 0x01e8  TPM - ok
23:09:51.0215 0x01e8  TrkWks - ok
23:09:51.0262 0x01e8  TrustedInstaller - ok
23:09:51.0277 0x01e8  tsusbflt - ok
23:09:51.0277 0x01e8  TsUsbGD - ok
23:09:51.0293 0x01e8  tunnel - ok
23:09:51.0334 0x01e8  tzautoupdate - ok
23:09:51.0350 0x01e8  uagp35 - ok
23:09:51.0350 0x01e8  UASPStor - ok
23:09:51.0365 0x01e8  UcmCx0101 - ok
23:09:51.0381 0x01e8  UcmUcsi - ok
23:09:51.0381 0x01e8  Ucx01000 - ok
23:09:51.0397 0x01e8  UdeCx - ok
23:09:51.0397 0x01e8  udfs - ok
23:09:51.0412 0x01e8  UEFI - ok
23:09:51.0428 0x01e8  Ufx01000 - ok
23:09:51.0444 0x01e8  UfxChipidea - ok
23:09:51.0459 0x01e8  ufxsynopsys - ok
23:09:51.0492 0x01e8  UI0Detect - ok
23:09:51.0501 0x01e8  uliagpkx - ok
23:09:51.0511 0x01e8  umbus - ok
23:09:51.0514 0x01e8  UmPass - ok
23:09:51.0521 0x01e8  UmRdpService - ok
23:09:51.0534 0x01e8  UnistoreSvc - ok
23:09:51.0571 0x01e8  upnphost - ok
23:09:51.0602 0x01e8  UrsChipidea - ok
23:09:51.0627 0x01e8  UrsCx01000 - ok
23:09:51.0651 0x01e8  UrsSynopsys - ok
23:09:51.0657 0x01e8  usbccgp - ok
23:09:51.0666 0x01e8  usbcir - ok
23:09:51.0687 0x01e8  usbehci - ok
23:09:51.0710 0x01e8  usbhub - ok
23:09:51.0713 0x01e8  USBHUB3 - ok
23:09:51.0730 0x01e8  usbohci - ok
23:09:51.0749 0x01e8  usbprint - ok
23:09:51.0762 0x01e8  usbser - ok
23:09:51.0777 0x01e8  USBSTOR - ok
23:09:51.0777 0x01e8  usbuhci - ok
23:09:51.0793 0x01e8  USBXHCI - ok
23:09:51.0824 0x01e8  UserDataSvc - ok
23:09:51.0871 0x01e8  UserManager - ok
23:09:51.0902 0x01e8  UsoSvc - ok
23:09:51.0902 0x01e8  VaultSvc - ok
23:09:51.0980 0x01e8  [ 8C17F3795DAE9A0ECDE4B3A3B0740E5F, 65807F2EEB7E60E1A7EFB4AEC9BB20C7121E8754E9001616DF919E5EA8B7C541 ] vbrskec         C:\WINDOWS\system32\drivers\ewdsbm.sys
23:09:51.0980 0x01e8  vbrskec - ok
23:09:52.0000 0x01e8  vdrvroot - ok
23:09:52.0027 0x01e8  vds - ok
23:09:52.0027 0x01e8  VerifierExt - ok
23:09:52.0027 0x01e8  vhdmp - ok
23:09:52.0027 0x01e8  vhf - ok
23:09:52.0043 0x01e8  vmbus - ok
23:09:52.0043 0x01e8  VMBusHID - ok
23:09:52.0074 0x01e8  vmicguestinterface - ok
23:09:52.0074 0x01e8  vmicheartbeat - ok
23:09:52.0074 0x01e8  vmickvpexchange - ok
23:09:52.0090 0x01e8  vmicrdv - ok
23:09:52.0090 0x01e8  vmicshutdown - ok
23:09:52.0090 0x01e8  vmictimesync - ok
23:09:52.0090 0x01e8  vmicvmsession - ok
23:09:52.0090 0x01e8  vmicvss - ok
23:09:52.0105 0x01e8  volmgr - ok
23:09:52.0105 0x01e8  volmgrx - ok
23:09:52.0121 0x01e8  volsnap - ok
23:09:52.0121 0x01e8  vpci - ok
23:09:52.0121 0x01e8  vsmraid - ok
23:09:52.0137 0x01e8  VSS - ok
23:09:52.0137 0x01e8  VSTXRAID - ok
23:09:52.0137 0x01e8  vwifibus - ok
23:09:52.0152 0x01e8  vwififlt - ok
23:09:52.0152 0x01e8  vwifimp - ok
23:09:52.0168 0x01e8  W32Time - ok
23:09:52.0168 0x01e8  WacomPen - ok
23:09:52.0183 0x01e8  WalletService - ok
23:09:52.0183 0x01e8  wanarp - ok
23:09:52.0183 0x01e8  wanarpv6 - ok
23:09:52.0199 0x01e8  wbengine - ok
23:09:52.0215 0x01e8  WbioSrvc - ok
23:09:52.0230 0x01e8  Wcmsvc - ok
23:09:52.0230 0x01e8  wcncsvc - ok
23:09:52.0253 0x01e8  WcsPlugInService - ok
23:09:52.0262 0x01e8  WdBoot - ok
23:09:52.0262 0x01e8  Wdf01000 - ok
23:09:52.0277 0x01e8  WdFilter - ok
23:09:52.0293 0x01e8  WdiServiceHost - ok
23:09:52.0293 0x01e8  WdiSystemHost - ok
23:09:52.0308 0x01e8  wdiwifi - ok
23:09:52.0324 0x01e8  WdNisDrv - ok
23:09:52.0340 0x01e8  WdNisSvc - ok
23:09:52.0340 0x01e8  WebClient - ok
23:09:52.0355 0x01e8  Wecsvc - ok
23:09:52.0371 0x01e8  WEPHOSTSVC - ok
23:09:52.0418 0x01e8  wercplsupport - ok
23:09:52.0433 0x01e8  WerSvc - ok
23:09:52.0449 0x01e8  WFPLWFS - ok
23:09:52.0465 0x01e8  WiaRpc - ok
23:09:52.0480 0x01e8  WIMMount - ok
23:09:52.0496 0x01e8  WinDefend - ok
23:09:52.0510 0x01e8  WindowsTrustedRT - ok
23:09:52.0527 0x01e8  WindowsTrustedRTProxy - ok
23:09:52.0543 0x01e8  WinHttpAutoProxySvc - ok
23:09:52.0558 0x01e8  WinMad - ok
23:09:52.0605 0x01e8  Winmgmt - ok
23:09:52.0621 0x01e8  WinRM - ok
23:09:52.0652 0x01e8  WINUSB - ok
23:09:52.0652 0x01e8  WinVerbs - ok
23:09:52.0683 0x01e8  WlanSvc - ok
23:09:52.0699 0x01e8  wlidsvc - ok
23:09:52.0715 0x01e8  WmiAcpi - ok
23:09:52.0730 0x01e8  wmiApSrv - ok
23:09:52.0777 0x01e8  WMPNetworkSvc - ok
23:09:52.0808 0x01e8  [ 2A9650FCC696DB28E45EA8B33B99B8E6, FBEBC6C05D50F578C6EEE0A7285EBE1DEADB08DD21FA3232630FD8D5A68FC3FB ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
23:09:52.0824 0x01e8  Wof - ok
23:09:52.0840 0x01e8  workfolderssvc - ok
23:09:52.0840 0x01e8  wpcfltr - ok
23:09:52.0871 0x01e8  WPDBusEnum - ok
23:09:52.0871 0x01e8  WpdUpFltr - ok
23:09:52.0887 0x01e8  WpnService - ok
23:09:52.0902 0x01e8  ws2ifsl - ok
23:09:52.0918 0x01e8  wscsvc - ok
23:09:52.0918 0x01e8  WSearch - ok
23:09:52.0933 0x01e8  WSService - ok
23:09:52.0965 0x01e8  wuauserv - ok
23:09:52.0980 0x01e8  WudfPf - ok
23:09:52.0987 0x01e8  WUDFRd - ok
23:09:52.0995 0x01e8  wudfsvc - ok
23:09:53.0000 0x01e8  WUDFWpdFs - ok
23:09:53.0004 0x01e8  WUDFWpdMtp - ok
23:09:53.0015 0x01e8  WwanSvc - ok
23:09:53.0055 0x01e8  XblAuthManager - ok
23:09:53.0071 0x01e8  XblGameSave - ok
23:09:53.0086 0x01e8  xboxgip - ok
23:09:53.0086 0x01e8  XboxNetApiSvc - ok
23:09:53.0117 0x01e8  xinputhid - ok
23:09:53.0117 0x01e8  ================ Scan global ===============================
23:09:53.0205 0x01e8  [ Global ] - ok
23:09:53.0205 0x01e8  ================ Scan MBR ==================================
23:09:53.0236 0x01e8  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
23:09:54.0449 0x01e8  \Device\Harddisk0\DR0 - ok
23:09:54.0449 0x01e8  ================ Scan VBR ==================================
23:09:54.0500 0x01e8  [ 7A0E00F66383F2EFA4C7572CC96AF8F3 ] \Device\Harddisk0\DR0\Partition1
23:09:54.0652 0x01e8  \Device\Harddisk0\DR0\Partition1 - ok
23:09:54.0668 0x01e8  [ EE2AF5B98B382984F7AFFD09E8373F8F ] \Device\Harddisk0\DR0\Partition2
23:09:54.0715 0x01e8  \Device\Harddisk0\DR0\Partition2 - ok
23:09:54.0762 0x01e8  [ C1948A597150C99616D73F3394049D7E ] \Device\Harddisk0\DR0\Partition3
23:09:54.0777 0x01e8  \Device\Harddisk0\DR0\Partition3 - ok
23:09:54.0793 0x01e8  [ 1B29FB44BBBF88E51FA9F1DE7DB0D9C5 ] \Device\Harddisk0\DR0\Partition4
23:09:54.0887 0x01e8  \Device\Harddisk0\DR0\Partition4 - ok
23:09:54.0918 0x01e8  [ 044F818F12F26DB0A25546EBD8045A24 ] \Device\Harddisk0\DR0\Partition5
23:09:54.0949 0x01e8  \Device\Harddisk0\DR0\Partition5 - ok
23:09:54.0980 0x01e8  [ 1A0EB5B914D039E8834A7F6583DC9825 ] \Device\Harddisk0\DR0\Partition6
23:09:55.0058 0x01e8  \Device\Harddisk0\DR0\Partition6 - ok
23:09:55.0105 0x01e8  [ 0F17D018653DC1AE8EDCCE8A1102998E ] \Device\Harddisk0\DR0\Partition7
23:09:55.0293 0x01e8  \Device\Harddisk0\DR0\Partition7 - ok
23:09:55.0293 0x01e8  ================ Scan generic autorun ======================
23:09:55.0340 0x01e8  [ 49BD5663071AA799AC0B1E6B48EB9257, 39364B7E08C87545B4E48264509D73800FE5B0A76E34E0B169DA489895820B22 ] C:\Program Files\IDT\WDM\beats64.exe
23:09:55.0433 0x01e8  BeatsOSDApp - detected UnsignedFile.Multi.Generic ( 1 )
23:09:57.0794 0x01e8  Detect skipped due to KSN trusted
23:09:57.0794 0x01e8  BeatsOSDApp - ok
23:09:57.0934 0x01e8  [ F5A5DBADCD24BDF33BFDAA789E39C876, A0D931FA339CA1FB6198BF5DF327ECEB0881796FFF92BDE0F9FC2C233C46E83C ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
23:09:57.0950 0x01e8  AdobeAAMUpdater-1.0 - ok
23:09:58.0121 0x01e8  [ 94BFCE236D6340011721470E394056E3, 42A7808F6C53C268354E9E47F0689FE2B4717F61E97CBAA0ABF33E0275B908EF ] C:\Program Files\IDT\WDM\sttray64.exe
23:09:58.0199 0x01e8  SysTrayApp - detected UnsignedFile.Multi.Generic ( 1 )
23:10:00.0543 0x01e8  Detect skipped due to KSN trusted
23:10:00.0543 0x01e8  SysTrayApp - ok
23:10:00.0558 0x01e8  StartCN - ok
23:10:00.0621 0x01e8  [ 6513807FEE68E6C32E67437EE3FFB6C8, 2AB388BD68E984C38EAAF2D42DE918A64B42DA229627FC0B1A896A8AD60B5F91 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
23:10:00.0637 0x01e8  SunJavaUpdateSched - ok
23:10:00.0715 0x01e8  [ 297C1BDCC26ADB339D4C0F0550E434D6, EFF4EC2543421BE537B1EDC8E88CFF7C529F3774F54BD9A71CCDB33EE9ED6370 ] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe
23:10:00.0760 0x01e8  Malwarebytes Anti-Malware (cleanup) - ok
23:10:01.0418 0x01e8  OneDriveSetup - ok
23:10:01.0418 0x01e8  OneDriveSetup - ok
23:10:01.0687 0x01e8  [ 61F488AC3053DEB2AADB6A34DEBC8876, B5C5E0325F0FB4A37E80F08273B7483630F676C6342519564798CE7D1F121CB7 ] C:\Users\lee and kate\AppData\Local\Microsoft\OneDrive\OneDrive.exe
23:10:01.0720 0x01e8  OneDrive - ok
23:10:02.0014 0x01e8  [ 341ADA552AAC541FD34C262296C256EE, 32672460EDDD46550955508343904705D8F26E10F713E3CACDC84689567A9ECF ] C:\Program Files (x86)\Steam\steam.exe
23:10:02.0092 0x01e8  Steam - ok
23:10:02.0097 0x01e8  Waiting for KSN requests completion. In queue: 5
23:10:03.0097 0x01e8  Waiting for KSN requests completion. In queue: 5
23:10:04.0105 0x01e8  Waiting for KSN requests completion. In queue: 5
23:10:04.0543 0x1904  Object required for P2P: [ 341ADA552AAC541FD34C262296C256EE ] C:\Program Files (x86)\Steam\steam.exe
23:10:05.0121 0x01e8  Waiting for KSN requests completion. In queue: 1
23:10:06.0137 0x01e8  Waiting for KSN requests completion. In queue: 1
23:10:07.0002 0x1904  Object send P2P result: true
23:10:07.0262 0x01e8  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.9.10586.0 ), 0x61100 ( enabled : updated )
23:10:07.0309 0x01e8  Win FW state via NFP2: enabled ( trusted )
23:10:09.0693 0x01e8  ============================================================
23:10:09.0693 0x01e8  Scan finished
23:10:09.0693 0x01e8  ============================================================
23:10:09.0700 0x1458  Detected object count: 0
23:10:09.0700 0x1458  Actual detected object count: 0

Edited by likishi84, 16 May 2016 - 05:12 PM.


#3 olgun52
  • Malware Response Team
  • 3,784 posts
  • Gender:Male

Posted 16 May 2016 - 05:19 PM

Hello likishi84 and welcome to BleepingComputer. :welcome:
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so. <== Important
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks.
I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.

Sincerely
:hello:


Edited by olgun52, 16 May 2016 - 05:24 PM.

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#4 likishi84
  • Topic Starter
  • Members
  • 44 posts

Posted 16 May 2016 - 05:23 PM

Thanks, will sort out the PC now. I have only just got this back, and there were programs on there I did not install, so I was uninstalling them and getting it back to how I had it.



#5 olgun52
  • Malware Response Team
  • 3,784 posts
  • Gender:Male

Posted 16 May 2016 - 05:29 PM

Please do not run any other scan operations.



#6 likishi84
  • Topic Starter
  • Members
  • 44 posts

Posted 17 May 2016 - 03:16 AM

I did not run any scans, just uninstalled the software that was on there that I did not put on. Thanks for your help in advance.

Edited by likishi84, 17 May 2016 - 03:27 AM.


#7 olgun52
  • Malware Response Team
  • 3,784 posts
  • Gender:Male

Posted 17 May 2016 - 01:17 PM

Sorry for the delayed response.

Uninstall: Sophos Anti-Rootkit

=======================================================================

Step 1:
FRST Script:
Please download the attached Fixlist.txt (2.58 KB) and save it in the same directory as FRST.

  • Close any open browsers or any other programs that are open
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:

Scan with Zemana AntiMalware Free:

  • Turn off the real-time scanner of any existing antivirus and firewall programs while performing the scan.
  • Please download and install Zemana AntiMalware Free.
  • Double-click the software shortcut on the desktop and follow the prompts to install the program.
  • If an update is available, click the Update now button.
  • At the end, click Settings > Advanced > "I have read the warning and wish to proceed anyway".
  • Auto Launch > untick the box next to it.
  • Scan type > Smart scan (Default).
  • Close all open files, folders and browsers.
  • Click Scan now ("Run as Administrator") and a threat scan will begin.
  • When the scan is complete, press Report and send me the report.
  • Please restart the PC now.

========================================================================

How is your PC running now, and are there still symptoms?

Have a nice day.


Edited by olgun52, 17 May 2016 - 01:18 PM.



#8 likishi84
  • Topic Starter
  • Members
  • 44 posts

Posted 17 May 2016 - 04:58 PM

Thanks, will have to do this in the morning. Thanks for your reply, will post logs when done.

#9 likishi84
  • Topic Starter
  • Members
  • 44 posts

Posted 18 May 2016 - 05:22 AM

Hi, ran the fix today, here is the report:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:16-05-2016
Ran by lee and kate (2016-05-18 11:10:55) Run:1
Running from C:\Users\lee and kate\Downloads
Loaded Profiles: lee and kate (Available Profiles: lee and kate)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Task: {C9BFDED8-9CBC-430C-963B-8ECCBEC70910} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2016-04-07] ()
C:\Users\lee and kate\AppData\Local\Temp\sdkkqf.exe
2016-05-16 22:34 - 2010-05-26 10:45 - 00135168 _____ () C:\Program Files (x86)\Sophos\Sophos Anti-Rootkit\sar1.dll
2016-05-16 22:34 - 2010-05-26 10:45 - 00135168 _____ () C:\Program Files (x86)\Sophos\Sophos Anti-Rootkit\sar3.dll
2016-05-16 22:34 - 2010-05-26 10:45 - 00135168 _____ () C:\Program Files (x86)\Sophos\Sophos Anti-Rootkit\sar4.dll
FirewallRules: [TCP Query User{2D1A9B5C-B359-486D-8F82-23BB5D2E72DB}C:\users\lee and kate\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\lee and kate\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{28C61CED-CC05-4EB1-9EAA-5690158454DD}C:\users\lee and kate\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\lee and kate\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
(Sophos Plc) C:\Program Files (x86)\Sophos\Sophos Anti-Rootkit\sargui.exe
() C:\Users\lee and kate\AppData\Local\Temp\sdkkqf.exe
HKU\S-1-5-21-1138134327-1597255425-4252948413-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1138134327-1597255425-4252948413-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableLockWorkstation] 0
CHR StartupUrls: Default -> "hxxp://www.facebook.com/","hxxp://youtube.com/"
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx
S3 MEMSWEEP2; C:\WINDOWS\system32\F852.tmp [6144 2010-05-26] (Sophos Plc) [File not signed]
2016-05-16 22:34 - 2016-05-16 22:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2016-05-16 22:34 - 2016-05-16 22:34 - 00000000 ____D C:\Program Files (x86)\Sophos
2016-05-16 22:34 - 2010-05-26 10:39 - 00006144 ____N (Sophos Plc) C:\WINDOWS\system32\F852.tmp
C:\WINDOWS\System32\Tasks\AutoKMS
C:\Users\lee and kate\AppData\Local\Temp\bdfilters.dll
C:\Users\lee and kate\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\lee and kate\AppData\Local\Temp\nvStInst.exe
C:\Users\lee and kate\AppData\Local\Temp\radeon-crimson-16.3.2-minimalsetup.exe
C:\Users\lee and kate\AppData\Local\Temp\sdkkqf.exe
C:\Users\lee and kate\AppData\Local\Temp\SkypeSetup.exe
Hosts:
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
Emptytemp:
Reboot:
End 
 
 
 
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9BFDED8-9CBC-430C-963B-8ECCBEC70910} => key not found. 
C:\WINDOWS\System32\Tasks\AutoKMS => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => key removed successfully
C:\Users\lee and kate\AppData\Local\Temp\sdkkqf.exe => moved successfully
"C:\Program Files (x86)\Sophos\Sophos Anti-Rootkit\sar1.dll" => not found.
"C:\Program Files (x86)\Sophos\Sophos Anti-Rootkit\sar3.dll" => not found.
"C:\Program Files (x86)\Sophos\Sophos Anti-Rootkit\sar4.dll" => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2D1A9B5C-B359-486D-8F82-23BB5D2E72DB}C:\users\lee and kate\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{28C61CED-CC05-4EB1-9EAA-5690158454DD}C:\users\lee and kate\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe => value removed successfully
C:\Program Files (x86)\Sophos\Sophos Anti-Rootkit\sargui.exe => No running process found
C:\Users\lee and kate\AppData\Local\Temp\sdkkqf.exe => No running process found
HKU\S-1-5-21-1138134327-1597255425-4252948413-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableLockWorkstation => value removed successfully
HKU\S-1-5-21-1138134327-1597255425-4252948413-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableLockWorkstation => value not found.
Chrome StartupUrls => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl" => key removed successfully
MEMSWEEP2 => service removed successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos" => not found.
C:\Program Files (x86)\Sophos => moved successfully
C:\WINDOWS\system32\F852.tmp => moved successfully
"C:\WINDOWS\System32\Tasks\AutoKMS" => not found.
C:\Users\lee and kate\AppData\Local\Temp\bdfilters.dll => moved successfully
C:\Users\lee and kate\AppData\Local\Temp\jre-8u91-windows-au.exe => moved successfully
C:\Users\lee and kate\AppData\Local\Temp\nvStInst.exe => moved successfully
C:\Users\lee and kate\AppData\Local\Temp\radeon-crimson-16.3.2-minimalsetup.exe => moved successfully
"C:\Users\lee and kate\AppData\Local\Temp\sdkkqf.exe" => not found.
C:\Users\lee and kate\AppData\Local\Temp\SkypeSetup.exe => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset all =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
EmptyTemp: => 1.3 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 11:13:07 ====


#10 likishi84
  • Topic Starter
  • Members
  • 44 posts

Posted 18 May 2016 - 05:24 AM

Also ran Zemana AntiMalware, here is the report:

 

Zemana AntiMalware 2.20.179.613 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/5/18
Operating System       : Windows 10 64-bit
Processor              : 4X Intel® Core™ i3-3220 CPU @ 3.30GHz
BIOS Mode              : UEFI
CUID                   : 0000817CC65A024991F929
Scan Type              : Smart Scan
Duration               : 1m 2s
Scanned Objects        : 7767
Detected Objects       : 5
Excluded Objects       : 0
Read Level             : Normal
Auto Upload            : ON
Detect All Extensions  : OFF
Scan Documents         : OFF
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
Fullstuff.net
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\E6044F193D4A7E75224B1E380AB2B7490347260D\Blob
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Root CA
Cleaning Action    : Delete
Related Objects    :
                Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\E6044F193D4A7E75224B1E380AB2B7490347260D\Blob
 
Edge Homepage
Status             : Scanned
Object             : http://asda.com/
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Edge Homepage
 
Edge Homepage
Status             : Scanned
Object             : http://santander.co.uk/
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Edge Homepage
 
Edge Homepage
Status             : Scanned
Object             : http://homeswapper.co.uk/
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Edge Homepage
 
rthdcpl.exe
Status             : Scanned
Object             : %localappdata%\tiledatalayer\realtek hd\rthdcpl.exe
MD5                : 829E7C7D101FAF083ED6BE2D95D8EF9E
Publisher          : -
Size               : 1675264
Version            : 3.8.1.1
Detection          : RiskTool:Win32/BitCoinMiner
Cleaning Action    : Quarantine
Related Objects    :
                File - %localappdata%\tiledatalayer\realtek hd\rthdcpl.exe
                Scheduled Task - C:\WINDOWS\System32\Tasks\Realtek HD Audio
 
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 5
Reported as safe      : 0
Failed                : 0
 
 
After reset, Windows Defender came up with these two trojans:
 
trojan:win32/dynamer!ac
trojan:win32/gatrud.e!cl
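Two of the Zemana findings above are worth checking directly rather than trusting a scanner's verdict: a scheduled task ("Realtek HD Audio") launching a binary from %localappdata%, and a root certificate that was not put there by Windows. The PowerShell below is an added example, not code from the thread or from FRST, Zemana or ESET; it assumes an elevated Windows PowerShell 5.1 prompt on Windows 10, and the task location and thumbprint it references are taken from the report above.

```powershell
# Added example, not code from the thread or from FRST/Zemana/ESET.
# Assumes an elevated Windows PowerShell 5.1 prompt on Windows 10.
# The task path and the thumbprint below come from the Zemana report above.

# Locations a standard user can write to. A scheduled task whose binary lives
# here (like "Realtek HD Audio" -> %LOCALAPPDATA%\tiledatalayer\realtek hd\rthdcpl.exe)
# deserves a second look, because persistence there needs no admin rights.
$userWritableRoots = @($env:LOCALAPPDATA, $env:APPDATA, $env:TEMP, $env:ProgramData, $env:PUBLIC) |
    Where-Object { $_ }

function Get-SuspiciousTaskActions {
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            # Only "exec" actions carry Execute; COM-handler actions do not.
            if (-not $action.Execute) { continue }
            $exe = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')
            $inUserDir = [bool]($userWritableRoots |
                Where-Object { $exe.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
            # Bare names such as "powershell.exe" resolve through PATH and show up as
            # FileMissing here; review those by hand rather than trusting the verdict.
            $sig = if (Test-Path -LiteralPath $exe) {
                (Get-AuthenticodeSignature -FilePath $exe).Status.ToString()
            } else { 'FileMissing' }
            if ($inUserDir -or $sig -ne 'Valid') {
                [pscustomobject]@{
                    Task      = $task.TaskPath + $task.TaskName
                    Execute   = $exe
                    Arguments = $action.Arguments
                    Signature = $sig
                    UserDir   = $inUserDir
                }
            }
        }
    }
}

# Root stores. HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT (where Zemana found
# the blob) is Cert:\LocalMachine\Root; a per-user rogue root lands in CurrentUser\Root.
# Whoever holds the key of a trusted root can mint certificates the machine accepts.
$flaggedThumbprint = 'E6044F193D4A7E75224B1E380AB2B7490347260D'   # from the report above

function Get-RootStoreReport {
    foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
        Get-ChildItem -Path $store | ForEach-Object {
            [pscustomobject]@{
                Store      = $store
                Thumbprint = $_.Thumbprint
                Subject    = $_.Subject
                NotAfter   = $_.NotAfter
                Flagged    = ($_.Thumbprint -eq $flaggedThumbprint)
            }
        }
    }
}

Get-SuspiciousTaskActions | Format-Table -AutoSize

# Plenty of legitimate third-party roots exist, so this only shortens the review
# list; anything Flagged, or any root you cannot account for, is worth removing.
Get-RootStoreReport |
    Where-Object { $_.Flagged -or $_.Subject -notmatch 'Microsoft' } |
    Sort-Object Flagged -Descending |
    Format-Table -AutoSize
```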


#11 olgun52
  • Malware Response Team
  • 3,784 posts
  • Gender:Male

Posted 18 May 2016 - 10:21 AM

Thank you.
Is trojan.agent.h still detected now, or are there any pop-ups? How is the PC?




#12 likishi84
  • Topic Starter
  • Members
  • 44 posts

Posted 18 May 2016 - 11:20 AM

No pop-ups or any signs of the trojan.agent.h any more. The PC is running fine as far as I can tell. Thanks for your help.

#13 olgun52
  • Malware Response Team
  • 3,784 posts
  • Gender:Male

Posted 18 May 2016 - 05:09 PM

Very good :thumbup2:

Please do:

Run Eset Online Scan

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as Administrator command.

Please go here to run the online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the options "Scan Archives" and "Remove found threats" are ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan.
  • Wait for the scan to finish.
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
  • Also a log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

 




#14 likishi84
  • Topic Starter
  • Members
  • 44 posts

Posted 19 May 2016 - 06:02 AM

These are the results of ESET:

 

C:\Users\All Users\Malwarebytes\Malwarebytes Anti-Malware\Configuration\block.bat BAT/HostsChanger.A potentially unsafe application
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration\block.bat BAT/HostsChanger.A potentially unsafe application cleaned by deleting
C:\Windows\AutoKMS\AutoKMS.exe a variant of MSIL/HackKMS.H potentially unsafe application deleted


#15 olgun52
  • Malware Response Team
  • 3,784 posts
  • Gender:Male

Posted 19 May 2016 - 03:09 PM

How is the PC, and are there any issues?

