Topic '[Malware] Trojan.Agent detected by MBAM but returns at Restart' in forum 'Security Cleanup' - dslreports.com

Re: [Malware] Trojan.Agent detected by MBAM but returns at Resta

Sat, 20 Oct 2012 18:42:20 EDT

LoPhatPhuud posted : Just posting to let LilHurricane and you know I am following this thread, waiting for the last logs.

Re: [Malware] Trojan.Agent detected by MBAM but returns at Resta

Fri, 19 Oct 2012 23:00:51 EDT

lilhurricane posted :

said by Artemis003 :

logs so far.

We still need the online scan log of ESET or BitDefender..as well as the main OTL log.

Please provide that in the next reply, and indicate symptoms (if any) remaining

Re: [Malware] Trojan.Agent detected by MBAM but returns at Resta

Fri, 19 Oct 2012 22:56:54 EDT

lilhurricane posted : OTL Extras logfile created on: 10/19/2012 5:42:24 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Artemis\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.90 Gb Total Physical Memory | 4.90 Gb Available Physical Memory | 83.06% Memory free
11.79 Gb Paging File | 10.81 Gb Available in Paging File | 91.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.89 Gb Total Space | 566.34 Gb Free Space | 82.81% Space Free | Partition Type: NTFS

Computer Name: ARTEMIS-PC | User Name: Artemis | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[color=#E56717]========== Firewall Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05D05EF6-F4CB-4728-BB8B-1FD5434BBDFF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{0EC81AEC-4B28-44A1-83A6-6551A0A93E96}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{228A4119-355E-4663-ABC6-2673FFC15E1A}" = rport=445 | protocol=6 | dir=out | app=system |
"{25DE5F59-CC94-44C3-BF79-89BF8A3CAB68}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2E21189F-1182-482A-8401-37DDF02AE17F}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{301FFF55-43ED-4ABF-85B2-7186AB774CCD}" = lport=138 | protocol=17 | dir=in | app=system |
"{30CBE5D7-4ECD-4190-B3A8-42E87634FD26}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{358D6828-9C74-413C-9DB6-746EDCDB3EAB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{378130C9-ECE9-4615-8A75-547EA39C7FE2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3881B226-8538-48C8-A186-4368DD37B8DD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{485A9B78-7EAC-4B0B-BAF1-6711C2CC555D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{58E14AD6-0894-47F4-B43F-EDFD47194312}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5A4505DA-21FF-4A10-BD27-AFC976430414}" = rport=139 | protocol=6 | dir=out | app=system |
"{654FE4AB-2F56-48EE-8439-7289049E6C97}" = rport=138 | protocol=17 | dir=out | app=system |
"{6735AB7D-2C0B-4ED2-9676-45F6E35781A1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{78CADE11-4063-4BF1-B948-7850A417EFE6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9C394BFD-6E8E-45BC-BAC8-3EAE21344526}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{A198E94F-96D3-4974-AE8F-4E7457B1FCCC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AB9B1645-ECCD-4181-85FC-832069AEE1CA}" = rport=137 | protocol=17 | dir=out | app=system |
"{B40979B8-CCE8-4323-9756-43ADB21632EA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C6AC743E-5BEC-4631-9FA8-7C30AEFA66BD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C6EEB45B-6D1C-4CA6-B166-B39E973B9757}" = lport=445 | protocol=6 | dir=in | app=system |
"{CEC54B11-4E55-4342-B4E3-0C2257ED8DA1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D64382C6-AAC9-4371-9CA8-06A72BA6894D}" = lport=137 | protocol=17 | dir=in | app=system |
"{E08E3880-0876-45C8-A0EA-13297138E949}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EB39667A-1EBA-4A9F-B5FB-61177EF74418}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EC303040-624C-4904-BF6A-38D88A064634}" = lport=139 | protocol=6 | dir=in | app=system |
"{EE2116A8-5037-4118-9939-64CD84F69366}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C8C9B44-DF37-45C3-94C1-A2718E5B2015}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{122F4ED2-A6FB-41FB-9C42-0A01B85EFF52}" = protocol=17 | dir=in | app=c:\program files (x86)\bitlord 1.2\bitlord files\bitlord.exe |
"{12F0DC46-D210-45CF-B407-9597D6D77F91}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{164781FF-2EE3-418C-8854-35179684E519}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{17167B59-E512-47A7-8415-7A0A17F7CF45}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{18C823B1-87DC-4914-8866-B56D4DCC4D29}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1C53B0A5-01AA-466A-9DA0-5F144713331E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1F0A26D7-14F2-497D-9713-D2DA30017453}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{2A3294F4-7151-4AEF-9A38-93A5530D8BFE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{33928CF3-E1A8-4E32-B4AE-839F99D7B45D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{340B3346-9728-4D66-BC55-213D00F53EEF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{34B92082-047D-4EAE-90AC-05F744974F13}" = protocol=6 | dir=out | app=system |
"{392A3F42-C42D-445D-9466-C66997279514}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{3EACF171-176B-4777-BE2A-B29EF648A093}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
"{40272922-4601-4E64-9DFD-5F4A09BBCB96}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{437C53ED-E7D3-4D4A-A252-6741A0E4F14D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4F709FF0-9C99-4A2B-A7BF-D52E9FA1D517}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{5779E2FB-9522-4190-8C65-11680A4F2055}" = dir=in | app=c:\program files\hp\hp photosmart 5510d series\bin\hpnetworkcommunicator.exe |
"{5AC51D7E-650B-40F3-A0AD-660FA538C42B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5D4C7731-E5C8-40CD-87C2-1D4C09C4ABC5}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{5F00FAAC-54FB-4A6B-9BD3-09679B59CB16}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6C39E715-E43A-4893-9A92-82A4CC7A54C4}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{6DB901BE-B1D3-4DBA-827F-420FACD5872C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6FCF54E8-A9CB-4E37-A7AE-FA6A4D3EB3F9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8BD09F7E-FCC2-4538-A3CB-279EB2261772}" = protocol=6 | dir=in | app=c:\program files (x86)\bitlord 1.2\bitlord files\bitlord.exe |
"{8E91EF7D-56D1-433B-9227-BBD04AE70B42}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{90D7849B-81DD-4B72-85B5-133C0870E16F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9451D46B-9AB5-415B-8753-029D5A8A3860}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9E1735D3-FA5D-4C8C-82B6-8D5E7064EFBC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9F0753D3-EE87-4F76-9F4D-E016C1B9E3BC}" = dir=in | app=c:\program files\hp\hp photosmart 5510d series\bin\devicesetup.exe |
"{AAD6CDA1-CB2C-46FA-B596-31A7A5465A7C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B4A12418-698E-4947-B84C-AEB49B6A6AAE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B4F3F0B0-9957-47F6-9BC1-D431658D5631}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B5834F38-FE9C-47D6-BC9C-67BD71A0560F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BAECE6A5-11C3-4EAC-9EF1-3682F48633A4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CBC31568-3B71-4AF1-B69D-0D337FE88156}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{DAB24C46-B6DD-487E-9202-6873832AABA9}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{E9F6AD8E-D3F0-44DE-8A37-64843DF00619}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EF3B7DFB-2D6E-4243-9794-A987F9790E5D}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{F00CFA27-AC75-4F5D-B7C5-9D3899783FA6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F0C9F7C6-8979-4BC8-8E02-55B6319D2172}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{F250870D-699D-4F13-896F-0B7C27688252}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FDDFAE0B-715F-4C18-81F5-1DF6598A7B8A}" = dir=in | app=d:\setup\hpznui40.exe |
"TCP Query User{6DF2FD56-9BBE-4418-A0FD-A63E332B838D}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe |
"TCP Query User{E4DCD0E5-4FDE-42BF-B297-945C3B5814EE}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe |
"UDP Query User{07461CA5-A532-4CBF-BD68-4C3FC5989E98}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe |
"UDP Query User{ED423578-1896-4EE3-B910-D142D0F87354}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel(R) PROSet/Wireless WiFi Software
"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{B132D631-AD31-41C1-BC8A-9715104C633F}" = Face Recognition
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 268.30
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.30
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.30
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{C7B40C35-85AE-4303-9EEA-1A1EA779664D}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F26D0153-CD17-4662-8592-DD98498DE6E4}" = HP Photosmart 5510d series Basic Device Software
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"PC-Doctor for Windows" = Dell Support Center
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0412CCFF-BFAC-83D8-44FB-3BE60F05FCF8}" = Amazon MP3 Uploader
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 29
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{43C423D9-E6D6-4607-ADC9-EBB54F690C57}" = Seagate Dashboard 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1" = System Checkup 3.3
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CBA54FA-323E-4C13-BB5C-4E2576D630CB}" = ScanSnap Organizer
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AA5E6EB-2C32-4EC6-81E1-7F014052CBD3}" = ScanSnap
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A95A76C9-6F65-477E-83A0-9F884B6DC21B}" = TuneUp Utilities Language Pack (en-US)
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}" = CardMinder
"{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}" = ScanSnap Manager
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E58F3B88-3B3E-4F85-9323-04789D979C15}" = ScanSnap Organizer
"{E7CF80F9-A86E-E904-D270-397354D5D6D2}" = Flixster Collections
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F336F89D-8C5A-432C-8EA9-DA19377AD591}" = Dell MusicStage
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel(R) Wireless Display
"{FB4BC1A5-B28D-4DD3-8611-192228F4317D}" = CardMinder V4.1
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE182796-F6BA-486A-8590-89B7E8D1D60F}" = Dell Stage
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"BitLord" = BitLord 1.2
"com.amazon.music.uploader" = Amazon MP3 Uploader
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Dell Webcam Central" = Dell Webcam Central
"Digital Copy" = Digital Copy
"FlixsterCollections" = Flixster Collections
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"uTorrent" = �Torrent
"VLC media player" = VLC media player 1.1.9
"WinLiveSuite" = Windows Live Essentials

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 10/16/2012 6:46:18 PM | Computer Name = Artemis-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
id: 0x77c Faulting application start time: 0x01cdabef9d31def9 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: 4bbdb0cc-17e3-11e2-811b-bc77374d3ab8

Error - 10/16/2012 6:53:13 PM | Computer Name = Artemis-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
id: 0x738 Faulting application start time: 0x01cdabf0c0d5004e Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: 434a0f14-17e4-11e2-afc5-bc77374d3ab8

Error - 10/16/2012 6:59:59 PM | Computer Name = Artemis-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
id: 0x1afc Faulting application start time: 0x01cdabf1154abacd Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: 3524b42d-17e5-11e2-afc5-bc77374d3ab8

Error - 10/16/2012 7:05:35 PM | Computer Name = Artemis-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
id: 0x1aac Faulting application start time: 0x01cdabf28cadc7d1 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: fda9bfa0-17e5-11e2-afc5-bc77374d3ab8

Error - 10/16/2012 7:13:17 PM | Computer Name = Artemis-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
id: 0xf54 Faulting application start time: 0x01cdabf2c6beacca Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: 10e9fbe3-17e7-11e2-afc5-bc77374d3ab8

Error - 10/16/2012 7:35:49 PM | Computer Name = Artemis-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
id: 0xb78 Faulting application start time: 0x01cdabf3e5214339 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: 36c9bed9-17ea-11e2-afc5-bc77374d3ab8

Error - 10/16/2012 8:06:39 PM | Computer Name = Artemis-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
id: 0x1eb4 Faulting application start time: 0x01cdabf799f979ca Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: 85677602-17ee-11e2-afc5-bc77374d3ab8

Error - 10/16/2012 8:20:31 PM | Computer Name = Artemis-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
id: 0x1fe0 Faulting application start time: 0x01cdabfb729a5e7e Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: 755df8d5-17f0-11e2-afc5-bc77374d3ab8

Error - 10/16/2012 8:24:02 PM | Computer Name = Artemis-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
id: 0x23a0 Faulting application start time: 0x01cdabfd82a4b459 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: f3157d0f-17f0-11e2-afc5-bc77374d3ab8

Error - 10/16/2012 8:33:09 PM | Computer Name = Artemis-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
id: 0x22e0 Faulting application start time: 0x01cdabfdbc0eea13 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: 392e3c9d-17f2-11e2-afc5-bc77374d3ab8

[ Dell Events ]
Error - 10/23/2011 6:21:55 AM | Computer Name = Artemis-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 10/23/2011 8:46:01 AM | Computer Name = Artemis-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 10/23/2011 8:46:01 AM | Computer Name = Artemis-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 10/27/2011 7:20:26 AM | Computer Name = Artemis-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 10/27/2011 7:20:26 AM | Computer Name = Artemis-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 11/1/2011 7:01:49 AM | Computer Name = Artemis-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 11/1/2011 7:01:49 AM | Computer Name = Artemis-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 11/2/2011 10:03:15 AM | Computer Name = Artemis-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 11/2/2011 10:03:15 AM | Computer Name = Artemis-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 11/3/2011 2:23:30 PM | Computer Name = Artemis-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ System Events ]
Error - 12/11/2011 12:28:50 PM | Computer Name = Artemis-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 12/11/2011 12:29:20 PM | Computer Name = Artemis-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 12/11/2011 3:30:41 PM | Computer Name = Artemis-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 12/12/2011 1:55:37 PM | Computer Name = Artemis-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 12/12/2011 1:56:07 PM | Computer Name = Artemis-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 12/18/2011 4:54:09 AM | Computer Name = Artemis-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 12/18/2011 4:56:04 AM | Computer Name = Artemis-PC | Source = DCOM | ID = 10010
Description =

Error - 12/18/2011 8:02:27 AM | Computer Name = Artemis-PC | Source = Service Control Manager | ID = 7034
Description = The McAfee Scanner service terminated unexpectedly. It has done this
1 time(s).

Error - 12/22/2011 4:00:22 AM | Computer Name = Artemis-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 12/22/2011 4:00:52 AM | Computer Name = Artemis-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

< End of report >
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~

Re: [Malware] Trojan.Agent detected by MBAM but returns at Resta

Fri, 19 Oct 2012 22:56:15 EDT

lilhurricane posted : MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Dell System XPS L502X
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 156):
0x02801000 \SystemRoot\system32\ntoskrnl.exe
0x02DE9000 \SystemRoot\system32\hal.dll
0x026CF000 \SystemRoot\system32\kdcom.dll
0x00CF5000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D44000 \SystemRoot\system32\PSHED.dll
0x00D58000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00E82000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F26000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F35000 \SystemRoot\system32\drivers\ACPI.sys
0x00F8C000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00F95000 \SystemRoot\system32\drivers\msisadrv.sys
0x00F9F000 \SystemRoot\system32\drivers\pci.sys
0x00FD2000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00FDF000 \SystemRoot\System32\drivers\partmgr.sys
0x00FF4000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E00000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E0C000 \SystemRoot\system32\drivers\volmgr.sys
0x00E21000 \SystemRoot\System32\drivers\volmgrx.sys
0x00CC0000 \SystemRoot\System32\drivers\mountmgr.sys
0x0105E000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x011B2000 \SystemRoot\system32\drivers\amdxata.sys
0x01000000 \SystemRoot\system32\drivers\fltmgr.sys
0x011BD000 \SystemRoot\system32\drivers\fileinfo.sys
0x011D1000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x0124F000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0142B000 \SystemRoot\System32\Drivers\msrpc.sys
0x01489000 \SystemRoot\System32\Drivers\ksecdd.sys
0x014A4000 \SystemRoot\System32\Drivers\cng.sys
0x01516000 \SystemRoot\System32\drivers\pcw.sys
0x01527000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016E6000 \SystemRoot\system32\drivers\ndis.sys
0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01800000 \SystemRoot\System32\drivers\tcpip.sys
0x0168A000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01531000 \SystemRoot\system32\drivers\volsnap.sys
0x016D4000 \SystemRoot\system32\DRIVERS\stdcfltn.sys
0x0157D000 \SystemRoot\System32\drivers\rdyboost.sys
0x017D8000 \SystemRoot\system32\DRIVERS\nvpciflt.sys
0x017DD000 \SystemRoot\System32\Drivers\mup.sys
0x017EF000 \SystemRoot\System32\drivers\hwpolicy.sys
0x015B7000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01400000 \SystemRoot\system32\DRIVERS\disk.sys
0x01200000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x02BB6000 \SystemRoot\System32\Drivers\Null.SYS
0x02BBF000 \SystemRoot\System32\Drivers\Beep.SYS
0x02BC6000 \SystemRoot\System32\drivers\vga.sys
0x02BD4000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02A00000 \SystemRoot\System32\drivers\watchdog.sys
0x02A10000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02A19000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02A24000 \SystemRoot\System32\Drivers\Npfs.SYS
0x011DE000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02A35000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x00DB6000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02C74000 \SystemRoot\system32\drivers\afd.sys
0x02CFD000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02D06000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02D2C000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x02D42000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02D51000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02DA2000 \SystemRoot\system32\drivers\nsiproxy.sys
0x02DAE000 \SystemRoot\System32\Drivers\dfsc.sys
0x02DCC000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x02DF2000 \SystemRoot\system32\drivers\wmiacpi.sys
0x02C00000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x02C11000 \SystemRoot\system32\drivers\usbehci.sys
0x030EB000 \SystemRoot\system32\drivers\USBPORT.SYS
0x03141000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03642000 \SystemRoot\system32\DRIVERS\NETwNs64.sys
0x03EAD000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x03EBA000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys
0x03EEB000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x03EED000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x03F53000 \SystemRoot\system32\drivers\i8042prt.sys
0x03F71000 \SystemRoot\system32\drivers\kbdclass.sys
0x03400000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x0355D000 \SystemRoot\system32\drivers\mouclass.sys
0x0356C000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x03596000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x0359D000 \SystemRoot\system32\DRIVERS\Accelern.sys
0x035AD000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x035BE000 \SystemRoot\system32\drivers\CompositeBus.sys
0x035CE000 \SystemRoot\system32\drivers\mssmbios.sys
0x035D9000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03F80000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x035EF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03FA4000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03FD3000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03600000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03621000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x03165000 \SystemRoot\system32\drivers\termdd.sys
0x035FB000 \SystemRoot\system32\drivers\swenum.sys
0x03179000 \SystemRoot\system32\drivers\ks.sys
0x03FEE000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03000000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0305A000 \SystemRoot\system32\DRIVERS\nusb3hub.sys
0x03073000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x03088000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02A42000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x03096000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x030A9000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x00070000 \SystemRoot\System32\win32k.sys
0x030C6000 \SystemRoot\System32\drivers\Dxapi.sys
0x004C0000 \SystemRoot\System32\drivers\dxg.sys
0x00610000 \SystemRoot\System32\TSDDD.dll
0x009D0000 \SystemRoot\System32\framebuf.dll
0x00B00000 \SystemRoot\System32\ATMFD.DLL
0x031BC000 \SystemRoot\system32\drivers\WudfPf.sys
0x05E2C000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x05E7F000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x05E92000 \SystemRoot\system32\DRIVERS\bowser.sys
0x05EB0000 \SystemRoot\System32\drivers\mpsdrv.sys
0x05EC8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x05EF5000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x05F43000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x77060000 \Windows\System32\ntdll.dll
0x48200000 \Windows\System32\smss.exe
0xFF380000 \Windows\System32\apisetschema.dll
0xFF590000 \Windows\System32\autochk.exe
0xFF2D0000 \Windows\System32\msvcrt.dll
0xFF1A0000 \Windows\System32\rpcrt4.dll
0xFEFC0000 \Windows\System32\setupapi.dll
0xFEFB0000 \Windows\System32\lpk.dll
0x76F00000 \Windows\System32\wininet.dll
0xFEF90000 \Windows\System32\sechost.dll
0x77230000 \Windows\System32\psapi.dll
0xFEEF0000 \Windows\System32\clbcatq.dll
0xFEE10000 \Windows\System32\oleaut32.dll
0x76E00000 \Windows\System32\user32.dll
0xFED30000 \Windows\System32\advapi32.dll
0xFECD0000 \Windows\System32\Wldap32.dll
0xFEC60000 \Windows\System32\gdi32.dll
0xFDED0000 \Windows\System32\shell32.dll
0xFDDC0000 \Windows\System32\msctf.dll
0xFDCF0000 \Windows\System32\usp10.dll
0xFDC50000 \Windows\System32\comdlg32.dll
0xFDBD0000 \Windows\System32\difxapi.dll
0x76CE0000 \Windows\System32\kernel32.dll
0xFDBA0000 \Windows\System32\imm32.dll
0x76AD0000 \Windows\System32\iertutil.dll
0xFDB90000 \Windows\System32\nsi.dll
0xFD980000 \Windows\System32\ole32.dll
0xFD900000 \Windows\System32\shlwapi.dll
0x76980000 \Windows\System32\urlmon.dll
0x77220000 \Windows\System32\normaliz.dll
0xFD8E0000 \Windows\System32\imagehlp.dll
0xFD890000 \Windows\System32\ws2_32.dll
0xFD7F0000 \Windows\System32\comctl32.dll
0xFD7B0000 \Windows\System32\wintrust.dll
0xFD790000 \Windows\System32\devobj.dll
0xFD720000 \Windows\System32\KernelBase.dll
0xFD6E0000 \Windows\System32\cfgmgr32.dll
0xFD570000 \Windows\System32\crypt32.dll
0xFD560000 \Windows\System32\msasn1.dll

Processes (total 31):
0 System Idle Process
4 System
348 C:\Windows\System32\smss.exe
436 csrss.exe
472 C:\Windows\System32\wininit.exe
480 csrss.exe
508 C:\Windows\System32\winlogon.exe
568 C:\Windows\System32\services.exe
576 C:\Windows\System32\lsass.exe
584 C:\Windows\System32\lsm.exe
680 C:\Windows\System32\svchost.exe
752 C:\Windows\System32\svchost.exe
836 C:\Program Files\Microsoft Security Client\MsMpEng.exe
920 C:\Windows\System32\svchost.exe
952 C:\Windows\System32\svchost.exe
1000 C:\Windows\System32\svchost.exe
364 C:\Windows\System32\svchost.exe
464 C:\Windows\System32\svchost.exe
1044 C:\Windows\System32\svchost.exe
1388 C:\Windows\explorer.exe
1456 C:\Windows\System32\ctfmon.exe
2012 C:\Windows\System32\svchost.exe
2332 C:\Windows\svchost.exe
2348 C:\Windows\System32\conhost.exe
2392 C:\Program Files (x86)\Internet Explorer\iexplore.exe
2440 C:\Program Files (x86)\Internet Explorer\iexplore.exe
2160 C:\Users\Artemis\Desktop\OTL.exe
2000 C:\Program Files (x86)\Internet Explorer\iexplore.exe
2088 C:\Windows\SysWOW64\dllhost.exe
1788 C:\Users\Artemis\Desktop\MBRCheck.exe
1020 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`afdf9a00 (NTFS)

PhysicalDrive0 Model Number: ST9750420AS, Rev: 0001DEM1

Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~

Re: [Malware] Trojan.Agent detected by MBAM but returns at Resta

Fri, 19 Oct 2012 22:54:43 EDT

lilhurricane posted : To keep things in one place for easier analysis..please use the post reply, vs the 'new topic' button. Also please refrain from using any more additional apps unless your helper asks you for it.

Logs opened up:

lwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.16.15

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Artemis :: ARTEMIS-PC [administrator]

10/19/2012 7:51:42 PM
mbam-log-2012-10-19 (19-51-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 304085
Time elapsed: 5 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

Re: [Malware] Trojan.Agent detected by MBAM but returns at Resta

Fri, 19 Oct 2012 19:29:42 EDT

anon posted : logs so far.

[Malware] Trojan.Agent detected by MBAM but returns at Restart

Fri, 19 Oct 2012 17:19:46 EDT

anon posted : Hello,

I have been having problems with my computer for several days now. Malewarebytes (MBAM) detected two Trojan.agents in Svchost.exe but every time i delete them by the restart they are back. This has also caused my computer to randomly go to a blue screen at times when running which displays "PAGE_FAULT_IN_NONPAGED_AREA" with a code 0x00000050. I am currently running in safe mode and have tried, besides malewarebytes, SUPERantiSpyware and CCleaner but even though those did detect problems they did not delete the trojans. I am also currently running OTL, MBRCheck.exe, and TDSS Killer.
I will post Logs as i get them.

PLEASE HELP!

Thank you,
J.