Kiba

  1. Alright, I just figured it out myself, didn't read the text properly. Well, thanks for the help. These programs might be useful in the future. I'm still not sure, though, why Malwarebytes detected "Adobe Licensing Console" as a threat. Or was it a false positive?
  2. ---->"Deleted : RP #36 [Windows Update | 11/13/2013 10:01:09]"
     Why does it say it has deleted a Windows Update? Or is this just from a program we used?

     # DelFix v10.6 - Logfile created 14/11/2013 at 14:29:08
     # Updated 11/11/2013 by Xplode
     # Username : Kiba - KIBA1
     # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

     ~ Activating UAC ... OK

     ~ Removing disinfection tools ...

     Deleted : C:\FRST
     Deleted : C:\AdwCleaner
     Deleted : C:\Users\Kiba\Desktop\Addition.txt
     Deleted : C:\Users\Kiba\Desktop\AdwCleaner[s0].txt
     Deleted : C:\Users\Kiba\Desktop\dds.txt
     Deleted : C:\Users\Kiba\Desktop\FRST.txt
     Deleted : C:\Users\Kiba\Desktop\JRT.txt
     Deleted : HKLM\SOFTWARE\AdwCleaner

     ~ Creating registry backup ... OK

     ~ Cleaning system restore ...

     Deleted : RP #36 [Windows Update | 11/13/2013 10:01:09]

     New restore point created !

     ~ Resetting system settings ... OK

     ########## - EOF - ##########
  3. Results of screen317's Security Check version 0.99.77
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Microsoft Security Essentials
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     MVPS Hosts File
     Spybot - Search & Destroy
     Malwarebytes Anti-Malware version 1.75.0.1300
     Adobe Flash Player 11.9.900.117
     Mozilla Firefox (25.0)
     ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
  4. JRT and AdwCleaner logs. ESET Online scanner found nothing.

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 6.0.8 (11.05.2013:1)
     OS: Windows 7 Ultimate x64
     Ran by Kiba on ke 13.11.2013 at 19:09:04,83
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Registry Values

     Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

     ~~~ Registry Keys

     ~~~ Files

     ~~~ Folders

     Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

     ~~~ FireFox

     Emptied folder: C:\Users\Kiba\AppData\Roaming\mozilla\firefox\profiles\c604mc1y.default\minidumps [12 files]

     ~~~ Event Viewer Logs were cleared

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on ke 13.11.2013 at 19:14:26,49
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     # AdwCleaner v3.012 - Report created 13/11/2013 at 19:20:46
     # Updated 11/11/2013 by Xplode
     # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
     # Username : kiba - KIBA1
     # Running from : C:\Users\kiba\Desktop\adwcleaner.exe
     # Option : Clean

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     ***** [ Browsers ] *****

     -\\ Internet Explorer v0.0.0.0

     -\\ Mozilla Firefox v25.0 (en-US)

     [ File : C:\Users\kiba\AppData\Roaming\Mozilla\Firefox\Profiles\c604mc1y.default\prefs.js ]

     *************************

     AdwCleaner[R0].txt - [789 octets] - [13/11/2013 19:19:29]
     AdwCleaner[s0].txt - [711 octets] - [13/11/2013 19:20:46]

     ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [770 octets] ##########
  5. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2013 01 Ran by Kiba at 2013-11-12 18:01:16 Running from D:\DL Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== 7-Zip 9.20 (x64 edition) (Version: 9.20.00.0) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117) ARIA Engine v1.6.6.9 (Version: v1.6.6.9) ASIO4ALL (x32 Version: 2.11 Beta2) Bastion (x32) BioShock (x32) Blacklight: Retribution (x32) Blender (Version: 2.68a) Blood Bowl: Chaos Edition (x32) Camel Audio Alchemy (x32 Version: 1.55.0) CCleaner (Version: 4.07) Dungeons of Dredmor (x32) Eraser 6.0.10.2620 (Version: 6.0.2620) eReg (x32 Version: 1.20.138.34) FL Studio 10 (x32) FTL: Faster Than Light (x32) GIMP 2.8.6 (Version: 2.8.6) Global Agenda (x32) Hotline Miami (x32) Inkscape 0.48.4 (x32 Version: 0.48.4) Killing Floor (x32) King's Bounty: Crossworlds (x32) LIMBO (x32) Logitech SetPoint 6.61 (Version: 6.61.15) Magic: The Gathering - Duels of the Planeswalkers 2013 (x32) Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Security Client (Version: 4.3.0219.0) Microsoft Security Essentials (Version: 4.3.219.0) Microsoft Silverlight (Version: 5.1.20913.0) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 
Redistributable - x64 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0) Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0) Mozilla Firefox 25.0 (x86 en-US) (x32 Version: 25.0) Mozilla Maintenance Service (x32 Version: 25.0) MPC-HC 1.7.0 (64-bit) (Version: 1.7.0.7858) MyPaint 1.0.0 (HKCU Version: 1.0.0) Notepad++ (x32 Version: 6.5) NVIDIA 3D Vision Controller Driver 326.01 (Version: 326.01) NVIDIA 3D Vision Driver 327.23 (Version: 327.23) NVIDIA Control Panel 327.23 (Version: 327.23) NVIDIA Graphics Driver 327.23 (Version: 327.23) NVIDIA HD Audio Driver 1.3.26.4 (Version: 1.3.26.4) NVIDIA Install Application (Version: 2.1002.133.889) NVIDIA PhysX (x32 Version: 9.13.0725) NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2723) OpenAL (x32) Path of Exile (x32) Pidgin (x32 Version: 2.10.7) Plogue sforzando v1.669 (Version: v1.669) Portal 2 (x32) PunkBuster Services (x32 Version: 0.992) Realtek High Definition Audio Driver (x32 Version: 6.0.1.5591) Spotify (HKCU Version: 0.9.4.185.g7545a404) Spybot - Search & Destroy (x32 Version: 2.1.21) Steam (x32 Version: 1.0.0.0) SumatraPDF (x32 Version: 2.4) Super Meat Boy (x32) Terraria (x32) The Binding of Isaac (x32) Titan Quest (x32) Trine (x32) Trust tablet driver (Version: 5.01) Unity (x32 Version: ) Unity Web Player (HKCU Version: ) Universe Sandbox (x32) ==================== Restore Points 
========================= 09-11-2013 08:48:54 Windows Update 10-11-2013 16:58:17 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2013-11-10 16:40 - 00450639 ____R C:\Windows\system32\Drivers\etc\hosts There are 1000 more lines. 
==================== Scheduled Tasks (whitelisted) ============= Task: {75000C8C-0A43-4105-8455-D0F7875FBC25} - System32\Tasks\CCleanerSkipUAC => D:\Apps\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd) Task: {9703257F-BB85-44AE-8911-4A142AC08245} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe Task: {B7392C99-7FCB-4F0B-AB9C-CF3286997B16} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe Task: {CE961C0D-861F-47F6-9F4D-DB30CDA8D89E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-10-11 01:04 - 2013-05-16 19:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2013-10-11 01:04 - 2013-05-16 19:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2013-10-11 01:04 - 2013-05-16 19:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2013-10-11 01:04 - 2012-08-23 19:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2013-10-11 01:04 - 2012-04-04 02:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/10/2013 02:56:08 PM) (Source: Windows Search Service) (User: ) Error: (11/10/2013 02:55:32 PM) (Source: Windows Search Service) (User: ) Description: The index cannot be initialized. Details: The content index catalog is corrupt. 
(HRESULT : 0xc0041801) (0xc0041801) Error: (11/10/2013 02:55:32 PM) (Source: Windows Search Service) (User: ) Description: The application cannot be initialized. Context: Windows Application Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/10/2013 02:55:32 PM) (Source: Windows Search Service) (User: ) Description: The gatherer object cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/10/2013 02:55:32 PM) (Source: Windows Search Service) (User: ) Description: The plug-in in <Search.TripoliIndexer> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: Element not found. (HRESULT : 0x80070490) (0x80070490) Error: (11/10/2013 02:55:31 PM) (Source: Windows Search Service) (User: ) Description: The plug-in in <Search.JetPropStore> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/10/2013 02:55:31 PM) (Source: Windows Search Service) (User: ) Description: The Windows Search Service cannot load the property store information. Context: Windows Application, SystemIndex Catalog Details: The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800) Error: (11/10/2013 02:55:29 PM) (Source: Windows Search Service) (User: ) Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/10/2013 02:55:29 PM) (Source: Windows Search Service) (User: ) Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index. Details: The content index catalog is corrupt. 
(HRESULT : 0xc0041801) (0xc0041801) Error: (11/10/2013 02:55:29 PM) (Source: Windows Search Service) (User: ) Description: The Windows Search Service cannot open the Jet property store. Details: 0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800)) System errors: ============= Error: (11/12/2013 08:57:35 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY) Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. Error: (11/11/2013 09:07:07 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY) Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. Error: (11/10/2013 08:58:04 PM) (Source: Service Control Manager) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service. Error: (11/10/2013 03:53:52 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY) Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. Error: (11/10/2013 02:55:33 PM) (Source: Service Control Manager) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (11/10/2013 02:55:33 PM) (Source: Service Control Manager) (User: ) Description: The Windows Search service terminated with service-specific error %%-1073473535. 
Error: (11/10/2013 02:55:11 PM) (Source: Service Control Manager) (User: ) Description: The Adobe Licensing Console service failed to start due to the following error: %%2 Error: (11/10/2013 02:55:00 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY) Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. Error: (11/10/2013 00:32:59 PM) (Source: Service Control Manager) (User: ) Description: The Adobe Licensing Console service failed to start due to the following error: %%2 Error: (11/10/2013 00:32:47 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY) Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. Microsoft Office Sessions: ========================= Error: (11/10/2013 02:56:08 PM) (Source: Windows Search Service)(User: ) Error: (11/10/2013 02:55:32 PM) (Source: Windows Search Service)(User: ) Description: Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/10/2013 02:55:32 PM) (Source: Windows Search Service)(User: ) Description: Context: Windows Application Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/10/2013 02:55:32 PM) (Source: Windows Search Service)(User: ) Description: Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/10/2013 02:55:32 PM) (Source: Windows Search Service)(User: ) Description: Context: Windows Application, SystemIndex Catalog Details: Element not found. 
(HRESULT : 0x80070490) (0x80070490) Search.TripoliIndexer Error: (11/10/2013 02:55:31 PM) (Source: Windows Search Service)(User: ) Description: Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Search.JetPropStore Error: (11/10/2013 02:55:31 PM) (Source: Windows Search Service)(User: ) Description: Context: Windows Application, SystemIndex Catalog Details: The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800) Error: (11/10/2013 02:55:29 PM) (Source: Windows Search Service)(User: ) Description: Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) The catalog is corrupt Error: (11/10/2013 02:55:29 PM) (Source: Windows Search Service)(User: ) Description: Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) 4700 Error: (11/10/2013 02:55:29 PM) (Source: Windows Search Service)(User: ) Description: Details: 0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800)) ==================== Memory info =========================== Percentage of memory in use: 36% Total physical RAM: 2047.37 MB Available physical RAM: 1291.08 MB Total Pagefile: 4094.73 MB Available Pagefile: 2971.82 MB Total Virtual: 8192 MB Available Virtual: 8191.79 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:48.73 GB) (Free:24.47 GB) NTFS Drive d: () (Fixed) (Total:416.93 GB) (Free:304.6 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 826609AE) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=49 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=417 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  6. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2013 01 Ran by Kiba (administrator) on KIBA1 on 12-11-2013 18:00:30 Running from D:\DL Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE () C:\Windows\system32\atwtusb.exe () C:\Windows\system32\atwtusb.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Realtek Semiconductor) C:\Windows\RAVCpl64.exe () C:\Windows\System32\AtwtusbIcon.exe (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Windows\RAVCpl64.exe [6150656 2008-03-26] (Realtek Semiconductor) HKLM\...\Run: [skytel] - C:\Windows\SkyTel.exe [1826816 2007-11-21] (Realtek Semiconductor Corp.) 
HKLM\...\Run: [AtwtusbIcon] - C:\Windows\System32\AtwtusbIcon.exe [3593728 2012-09-10] () HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe [825184 2009-09-30] (Microsoft Corporation) HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.) HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation) Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) HKCU\...\Run: [steam] - D:\Games\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation) MountPoints2: {02c2817c-4005-11e3-a8f4-00508dc05268} - F:\Autorun.exe MountPoints2: {02c28199-4005-11e3-a8f4-00508dc05268} - F:\AutoRun.exe MountPoints2: {581aaf68-3fae-11e3-ab57-00508dc05268} - F:\Autorun.exe MountPoints2: {581aaf7f-3fae-11e3-ab57-00508dc05268} - F:\Autorun.exe MountPoints2: {581aaf8d-3fae-11e3-ab57-00508dc05268} - F:\Autorun.exe MountPoints2: {a824fd04-400a-11e3-97c2-00508dc05268} - F:\AutoRun.exe MountPoints2: {fab74a3d-400f-11e3-9f31-00508dc05268} - F:\AutoRun.exe MountPoints2: {fab74a5c-400f-11e3-9f31-00508dc05268} - F:\AutoRun.exe HKLM-x32\...\Run: [sDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) HKU\Default\...\Run: [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\Default User\...\Run: [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.100.1 FireFox: ======== FF ProfilePath: C:\Users\Kiba\AppData\Roaming\Mozilla\Firefox\Profiles\c604mc1y.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin - D:\Apps\SumatraPDF\npPdfViewer.dll (Simon Bünzli) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Kiba\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Extension: Adblock Plus - C:\Users\Kiba\AppData\Roaming\Mozilla\Firefox\Profiles\c604mc1y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt ==================== Services (Whitelisted) ================= R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation) S3 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-12] () R3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 
2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.) R2 WTService; C:\Windows\system32\atwtusb.exe [581120 2012-10-19] () ==================== Drivers (Whitelisted) ==================== R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-09] (Windows ® Codename Longhorn DDK provider) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows ® Win 7 DDK provider) S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x] S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [x] S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [x] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x] S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [x] S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [x] S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [x] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x] S3 tsusbhub; system32\drivers\tsusbhub.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-12 18:00 - 2013-11-12 18:00 - 00000000 ____D C:\FRST 2013-11-11 22:07 - 2013-11-11 22:07 - 00011660 _____ C:\Users\Kiba\AppData\Local\recently-used.xbel 2013-11-11 13:07 - 2013-11-11 13:34 - 00005009 _____ C:\Users\Kiba\Desktop\attach.txt 2013-11-11 13:07 - 2013-11-11 13:32 - 00012683 _____ C:\Users\Kiba\Desktop\dds.txt 2013-11-10 17:57 - 2013-11-10 17:57 - 
00001945 _____ C:\Windows\epplauncher.mif 2013-11-10 17:57 - 2013-11-10 17:57 - 00000000 ____D C:\Program Files\Microsoft Security Client 2013-11-10 17:57 - 2013-11-10 17:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client 2013-11-10 15:53 - 2013-11-10 15:53 - 00000314 _____ C:\Windows\PFRO.log 2013-11-10 14:55 - 2013-11-12 08:57 - 00000224 _____ C:\Windows\setupact.log 2013-11-10 14:55 - 2013-11-10 14:55 - 00000000 _____ C:\Windows\setuperr.log 2013-11-09 23:18 - 2013-11-09 23:18 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll 2013-11-09 23:18 - 2013-11-09 23:18 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll 2013-11-09 23:18 - 2013-11-09 23:18 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll 2013-11-09 23:18 - 2013-11-09 23:18 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll 2013-11-09 23:18 - 2013-11-09 23:18 - 00000000 ____D C:\Program Files (x86)\OpenAL 2013-11-01 14:58 - 2013-11-01 14:58 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Camel Audio 2013-11-01 14:58 - 2013-11-01 14:58 - 00000000 ____D C:\ProgramData\Camel Audio 2013-11-01 14:58 - 2013-11-01 14:58 - 00000000 ____D C:\Program Files (x86)\Camel Audio 2013-10-31 22:58 - 2013-10-31 22:58 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Plogue Art et Technologie, Inc 2013-10-31 22:58 - 2013-10-31 22:58 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Plogue 2013-10-31 22:52 - 2013-10-31 22:52 - 00000000 ____D C:\Program Files\Plogue 2013-10-30 16:37 - 2013-10-30 16:37 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2 2013-10-30 16:37 - 2013-10-30 16:37 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v2 2013-10-30 16:26 - 2013-11-10 19:35 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line 2013-10-30 16:26 - 2013-10-30 16:26 - 
00000000 ____D C:\Users\Kiba\Documents\Image-Line 2013-10-30 16:26 - 2013-10-30 16:26 - 00000000 ____D C:\Program Files (x86)\Image-Line 2013-10-30 16:26 - 2009-09-15 11:14 - 01554944 _____ (HMS http://hp.vector.co.jp/authors/VA012897/) C:\Windows\SysWOW64\vorbis.acm 2013-10-30 16:25 - 2013-10-30 16:25 - 00000000 ____D C:\Program Files (x86)\Outsim 2013-10-30 15:42 - 2013-10-30 15:42 - 00002770 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2013-10-30 15:31 - 2013-10-30 15:31 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Malwarebytes 2013-10-30 15:31 - 2013-10-30 15:31 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-10-30 15:31 - 2013-10-30 15:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-30 15:31 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-10-28 21:04 - 2013-10-28 21:04 - 00000000 ____D C:\Windows\system32\appmgmt 2013-10-28 20:41 - 2013-11-01 11:31 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin 2013-10-28 19:57 - 2013-10-28 19:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_juextctrl_01007.Wdf 2013-10-28 19:57 - 2013-10-28 19:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf 2013-10-28 19:56 - 2013-10-28 19:56 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf 2013-10-28 19:55 - 2013-01-29 17:05 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll 2013-10-28 19:55 - 2013-01-29 17:05 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01007.dll 2013-10-27 15:41 - 2013-10-27 15:42 - 00000000 ____D C:\Users\Kiba\AppData\Local\Microsoft Games 2013-10-24 15:08 - 2013-10-24 15:08 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Blender Foundation 2013-10-24 13:55 - 2013-10-24 13:56 - 00000000 ____D C:\Program Files\Common Files\Logishrd 2013-10-24 13:39 - 2013-10-24 13:39 - 00000000 ____D C:\Users\Public\Documents\Logishrd 2013-10-24 
13:39 - 2013-10-24 13:39 - 00000000 ____D C:\ProgramData\Logitech 2013-10-24 13:37 - 2013-10-28 22:21 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys 2013-10-24 13:37 - 2013-10-24 13:56 - 00000000 ____D C:\ProgramData\Logishrd 2013-10-24 13:37 - 2013-10-24 13:37 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Leadertech 2013-10-24 13:36 - 2013-10-24 13:36 - 00000000 ____D C:\Program Files\Logitech 2013-10-24 13:35 - 2013-10-24 13:35 - 00000000 ____D C:\Users\Kiba\AppData\Local\Eraser 6 2013-10-24 13:34 - 2013-10-24 13:39 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Logitech 2013-10-24 13:34 - 2013-10-24 13:34 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Logishrd 2013-10-24 11:49 - 2013-11-10 14:24 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\inkscape 2013-10-23 19:27 - 2013-11-10 14:24 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Media Player Classic 2013-10-22 11:31 - 2013-10-22 11:31 - 00000000 ____D C:\Users\Kiba\AppData\Local\Unity 2013-10-22 11:29 - 2013-10-22 11:29 - 00000000 ____D C:\Users\Public\Documents\Unity Projects 2013-10-21 16:46 - 2013-10-21 16:46 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Notepad++ 2013-10-21 16:46 - 2013-10-21 16:46 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ 2013-10-20 13:28 - 2013-10-20 13:28 - 00000000 ____D C:\Windows\SysWOW64\directx 2013-10-20 13:28 - 2013-10-20 13:28 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Hi-Rez Studios 2013-10-20 13:27 - 2013-10-20 13:27 - 00000000 ____D C:\Windows\B83FC356B7C0441F8A4DD71E088E7974.TMP 2013-10-15 23:49 - 2013-10-15 23:49 - 00000000 ____D C:\Users\Kiba\Documents\ProcAlyzer Dumps 2013-10-15 19:32 - 2013-10-15 19:32 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-10-15 19:32 - 2013-10-15 19:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-10-15 18:01 - 2013-10-23 21:40 - 00000000 ____D C:\Users\Kiba\AppData\Local\gtk-2.0 2013-10-15 17:59 - 2013-10-24 15:05 - 
  7. Gmer did not find anything. Just to note, it was set to Quick Scan, as default. I have actually noticed a little loading time lag when I open Firefox, but sometimes Firefox is like that. Maybe some plugin. If I open a new Firefox window while there is one already open, there is not much startup delay.
  8. Malwarebytes detected potential risks: - Registry Keys Detected: 1 HKLM\SYSTEM\CurrentControlSet\Services\Adobe Licensing Console (Trojan.Clicker.CT) -> Quarantined and deleted successfully. - Files Detected: 1 C:\Windows\System32\msvfd32.exe (Trojan.Clicker.CT) -> Quarantined and deleted successfully. After removing threats, I fully scanned with Malwarebytes, Spybot S&D 2 and Microsoft Security Essentials. No threats found. I tend to be careful, so I don't know where I got those trojans from. The only explanation is an infected website. 1. I'm not sure if Adobe Licensing Console is a false positive? "Attach log report: Error: Service Control Manager [7000] - The Adobe Licensing Console service failed to start due to the following error: The system cannot find the file specified." What is Adobe Licensing Console and how crucial is it? I haven't installed any Adobe products except for the mandatory Flash Player plugin for Firefox. 2. What is a Trojan.Clicker.CT/msvfd32.exe exactly and how risky is it? Is this a concern for my privacy - could it potentially come back or is it even completely removed? I haven't noticed any problems with my computer. Everything seems OK. attach.txt dds.txt mbam-log-2013-11-10 (15-13-41) trojan.clicker.txt