Posts posted by Kiba

  1. ---->"Deleted : RP #36 [Windows Update | 11/13/2013 10:01:09]"

    Why does it say it has deleted a Windows Update? Or is this just from a program we used?

    # DelFix v10.6 - Logfile created 14/11/2013 at 14:29:08
    # Updated 11/11/2013 by Xplode
    # Username : Kiba - KIBA1
    # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

    ~ Activating UAC ... OK

    ~ Removing disinfection tools ...

    Deleted : C:\FRST
    Deleted : C:\AdwCleaner
    Deleted : C:\Users\Kiba\Desktop\Addition.txt
    Deleted : C:\Users\Kiba\Desktop\AdwCleaner[s0].txt
    Deleted : C:\Users\Kiba\Desktop\dds.txt
    Deleted : C:\Users\Kiba\Desktop\FRST.txt
    Deleted : C:\Users\Kiba\Desktop\JRT.txt
    Deleted : HKLM\SOFTWARE\AdwCleaner

    ~ Creating registry backup ... OK

    ~ Cleaning system restore ...

    Deleted : RP #36 [Windows Update | 11/13/2013 10:01:09]

    New restore point created !

    ~ Resetting system settings ... OK

    ########## - EOF - ##########

  2.  Results of screen317's Security Check version 0.99.77  
     Windows 7 Service Pack 1 x64 (UAC is enabled)  
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!  
    Microsoft Security Essentials   
     Antivirus up to date!  
    `````````Anti-malware/Other Utilities Check:`````````
     MVPS Hosts File  
     Spybot - Search & Destroy
     Malwarebytes Anti-Malware version 1.75.0.1300  
     Adobe Flash Player 11.9.900.117  
     Mozilla Firefox (25.0)
    ````````Process Check: objlist.exe by Laurent````````  
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     

  3. JRT and AdwCleaner logs. ESET Online scanner found nothing.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.0.8 (11.05.2013:1)
    OS: Windows 7 Ultimate x64
    Ran by Kiba on ke 13.11.2013 at 19:09:04,83
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



    ~~~ FireFox

    Emptied folder: C:\Users\Kiba\AppData\Roaming\mozilla\firefox\profiles\c604mc1y.default\minidumps [12 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on ke 13.11.2013 at 19:14:26,49
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     

     

     

     

     

     

    # AdwCleaner v3.012 - Report created 13/11/2013 at 19:20:46
    # Updated 11/11/2013 by Xplode
    # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Username : kiba - KIBA1
    # Running from : C:\Users\kiba\Desktop\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v0.0.0.0


    -\\ Mozilla Firefox v25.0 (en-US)

    [ File : C:\Users\kiba\AppData\Roaming\Mozilla\Firefox\Profiles\c604mc1y.default\prefs.js ]


    *************************

    AdwCleaner[R0].txt - [789 octets] - [13/11/2013 19:19:29]
    AdwCleaner[s0].txt - [711 octets] - [13/11/2013 19:20:46]

    ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [770 octets] ##########
     

  4. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2013 01
    Ran by Kiba at 2013-11-12 18:01:16
    Running from D:\DL
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

    ==================== Installed Programs ======================

    7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
    Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
    ARIA Engine v1.6.6.9 (Version: v1.6.6.9)
    ASIO4ALL (x32 Version: 2.11 Beta2)
    Bastion (x32)
    BioShock (x32)
    Blacklight: Retribution (x32)
    Blender (Version: 2.68a)
    Blood Bowl: Chaos Edition (x32)
    Camel Audio Alchemy (x32 Version: 1.55.0)
    CCleaner (Version: 4.07)
    Dungeons of Dredmor (x32)
    Eraser 6.0.10.2620 (Version: 6.0.2620)
    eReg (x32 Version: 1.20.138.34)
    FL Studio 10 (x32)
    FTL: Faster Than Light (x32)
    GIMP 2.8.6 (Version: 2.8.6)
    Global Agenda (x32)
    Hotline Miami (x32)
    Inkscape 0.48.4 (x32 Version: 0.48.4)
    Killing Floor (x32)
    King's Bounty: Crossworlds (x32)
    LIMBO (x32)
    Logitech SetPoint 6.61 (Version: 6.61.15)
    Magic: The Gathering - Duels of the Planeswalkers 2013 (x32)
    Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
    Microsoft Security Client (Version: 4.3.0219.0)
    Microsoft Security Essentials (Version: 4.3.219.0)
    Microsoft Silverlight (Version: 5.1.20913.0)
    Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
    Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0)
    Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0)
    Mozilla Firefox 25.0 (x86 en-US) (x32 Version: 25.0)
    Mozilla Maintenance Service (x32 Version: 25.0)
    MPC-HC 1.7.0 (64-bit) (Version: 1.7.0.7858)
    MyPaint 1.0.0 (HKCU Version: 1.0.0)
    Notepad++ (x32 Version: 6.5)
    NVIDIA 3D Vision Controller Driver 326.01 (Version: 326.01)
    NVIDIA 3D Vision Driver 327.23 (Version: 327.23)
    NVIDIA Control Panel 327.23 (Version: 327.23)
    NVIDIA Graphics Driver 327.23 (Version: 327.23)
    NVIDIA HD Audio Driver 1.3.26.4 (Version: 1.3.26.4)
    NVIDIA Install Application (Version: 2.1002.133.889)
    NVIDIA PhysX (x32 Version: 9.13.0725)
    NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725)
    NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2723)
    OpenAL (x32)
    Path of Exile (x32)
    Pidgin (x32 Version: 2.10.7)
    Plogue sforzando v1.669 (Version: v1.669)
    Portal 2 (x32)
    PunkBuster Services (x32 Version: 0.992)
    Realtek High Definition Audio Driver (x32 Version: 6.0.1.5591)
    Spotify (HKCU Version: 0.9.4.185.g7545a404)
    Spybot - Search & Destroy (x32 Version: 2.1.21)
    Steam (x32 Version: 1.0.0.0)
    SumatraPDF (x32 Version: 2.4)
    Super Meat Boy (x32)
    Terraria (x32)
    The Binding of Isaac (x32)
    Titan Quest (x32)
    Trine (x32)
    Trust tablet driver (Version: 5.01)
    Unity (x32 Version: )
    Unity Web Player (HKCU Version: )
    Universe Sandbox (x32)

    ==================== Restore Points  =========================

    09-11-2013 08:48:54 Windows Update
    10-11-2013 16:58:17 Windows Update

    ==================== Hosts content: ==========================

    2009-07-14 04:34 - 2013-11-10 16:40 - 00450639 ____R C:\Windows\system32\Drivers\etc\hosts

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    Task: {75000C8C-0A43-4105-8455-D0F7875FBC25} - System32\Tasks\CCleanerSkipUAC => D:\Apps\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)
    Task: {9703257F-BB85-44AE-8911-4A142AC08245} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    Task: {B7392C99-7FCB-4F0B-AB9C-CF3286997B16} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: {CE961C0D-861F-47F6-9F4D-DB30CDA8D89E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-10-11 01:04 - 2013-05-16 19:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2013-10-11 01:04 - 2013-05-16 19:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2013-10-11 01:04 - 2013-05-16 19:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2013-10-11 01:04 - 2012-08-23 19:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2013-10-11 01:04 - 2012-04-04 02:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

    ==================== Safe Mode (whitelisted) ===================


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/10/2013 02:56:08 PM) (Source: Windows Search Service) (User: )


    Error: (11/10/2013 02:55:32 PM) (Source: Windows Search Service) (User: )
    Description: The index cannot be initialized.


    Details:
        The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

    Error: (11/10/2013 02:55:32 PM) (Source: Windows Search Service) (User: )
    Description: The application cannot be initialized.

    Context: Windows Application


    Details:
        The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

    Error: (11/10/2013 02:55:32 PM) (Source: Windows Search Service) (User: )
    Description: The gatherer object cannot be initialized.

    Context: Windows Application, SystemIndex Catalog


    Details:
        The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

    Error: (11/10/2013 02:55:32 PM) (Source: Windows Search Service) (User: )
    Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

    Context: Windows Application, SystemIndex Catalog


    Details:
        Element not found.  (HRESULT : 0x80070490) (0x80070490)

    Error: (11/10/2013 02:55:31 PM) (Source: Windows Search Service) (User: )
    Description: The plug-in in <Search.JetPropStore> cannot be initialized.

    Context: Windows Application, SystemIndex Catalog


    Details:
        The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

    Error: (11/10/2013 02:55:31 PM) (Source: Windows Search Service) (User: )
    Description: The Windows Search Service cannot load the property store information.

    Context: Windows Application, SystemIndex Catalog


    Details:
        The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

    Error: (11/10/2013 02:55:29 PM) (Source: Windows Search Service) (User: )
    Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


    Details:
        The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

    Error: (11/10/2013 02:55:29 PM) (Source: Windows Search Service) (User: )
    Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.


    Details:
        The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

    Error: (11/10/2013 02:55:29 PM) (Source: Windows Search Service) (User: )
    Description: The Windows Search Service cannot open the Jet property store.


    Details:
        0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))


    System errors:
    =============
    Error: (11/12/2013 08:57:35 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY)
    Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.

    Error: (11/11/2013 09:07:07 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY)
    Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.

    Error: (11/10/2013 08:58:04 PM) (Source: Service Control Manager) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

    Error: (11/10/2013 03:53:52 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY)
    Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.

    Error: (11/10/2013 02:55:33 PM) (Source: Service Control Manager) (User: )
    Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (11/10/2013 02:55:33 PM) (Source: Service Control Manager) (User: )
    Description: The Windows Search service terminated with service-specific error %%-1073473535.

    Error: (11/10/2013 02:55:11 PM) (Source: Service Control Manager) (User: )
    Description: The Adobe Licensing Console service failed to start due to the following error:
    %%2

    Error: (11/10/2013 02:55:00 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY)
    Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.

    Error: (11/10/2013 00:32:59 PM) (Source: Service Control Manager) (User: )
    Description: The Adobe Licensing Console service failed to start due to the following error:
    %%2

    Error: (11/10/2013 00:32:47 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY)
    Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.


    Microsoft Office Sessions:
    =========================
    Error: (11/10/2013 02:56:08 PM) (Source: Windows Search Service)(User: )


    Error: (11/10/2013 02:55:32 PM) (Source: Windows Search Service)(User: )
    Description:
    Details:
        The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

    Error: (11/10/2013 02:55:32 PM) (Source: Windows Search Service)(User: )
    Description: Context: Windows Application


    Details:
        The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

    Error: (11/10/2013 02:55:32 PM) (Source: Windows Search Service)(User: )
    Description: Context: Windows Application, SystemIndex Catalog


    Details:
        The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

    Error: (11/10/2013 02:55:32 PM) (Source: Windows Search Service)(User: )
    Description: Context: Windows Application, SystemIndex Catalog


    Details:
        Element not found.  (HRESULT : 0x80070490) (0x80070490)
    Search.TripoliIndexer

    Error: (11/10/2013 02:55:31 PM) (Source: Windows Search Service)(User: )
    Description: Context: Windows Application, SystemIndex Catalog


    Details:
        The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
    Search.JetPropStore

    Error: (11/10/2013 02:55:31 PM) (Source: Windows Search Service)(User: )
    Description: Context: Windows Application, SystemIndex Catalog


    Details:
        The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

    Error: (11/10/2013 02:55:29 PM) (Source: Windows Search Service)(User: )
    Description:
    Details:
        The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
    The catalog is corrupt

    Error: (11/10/2013 02:55:29 PM) (Source: Windows Search Service)(User: )
    Description:
    Details:
        The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
    4700

    Error: (11/10/2013 02:55:29 PM) (Source: Windows Search Service)(User: )
    Description:
    Details:
        0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))


    ==================== Memory info ===========================

    Percentage of memory in use: 36%
    Total physical RAM: 2047.37 MB
    Available physical RAM: 1291.08 MB
    Total Pagefile: 4094.73 MB
    Available Pagefile: 2971.82 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.79 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:48.73 GB) (Free:24.47 GB) NTFS
    Drive d: () (Fixed) (Total:416.93 GB) (Free:304.6 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 826609AE)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=417 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

  5. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2013 01
    Ran by Kiba (administrator) on KIBA1 on 12-11-2013 18:00:30
    Running from D:\DL
    Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
    (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
    () C:\Windows\system32\atwtusb.exe
    () C:\Windows\system32\atwtusb.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Realtek Semiconductor) C:\Windows\RAVCpl64.exe
    () C:\Windows\System32\AtwtusbIcon.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RtHDVCpl] - C:\Windows\RAVCpl64.exe [6150656 2008-03-26] (Realtek Semiconductor)
    HKLM\...\Run: [skytel] - C:\Windows\SkyTel.exe [1826816 2007-11-21] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [AtwtusbIcon] - C:\Windows\System32\AtwtusbIcon.exe [3593728 2012-09-10] ()
    HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe [825184 2009-09-30] (Microsoft Corporation)
    HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
    HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
    Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    HKCU\...\Run: [steam] - D:\Games\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation)
    MountPoints2: {02c2817c-4005-11e3-a8f4-00508dc05268} - F:\Autorun.exe
    MountPoints2: {02c28199-4005-11e3-a8f4-00508dc05268} - F:\AutoRun.exe
    MountPoints2: {581aaf68-3fae-11e3-ab57-00508dc05268} - F:\Autorun.exe
    MountPoints2: {581aaf7f-3fae-11e3-ab57-00508dc05268} - F:\Autorun.exe
    MountPoints2: {581aaf8d-3fae-11e3-ab57-00508dc05268} - F:\Autorun.exe
    MountPoints2: {a824fd04-400a-11e3-97c2-00508dc05268} - F:\AutoRun.exe
    MountPoints2: {fab74a3d-400f-11e3-9f31-00508dc05268} - F:\AutoRun.exe
    MountPoints2: {fab74a5c-400f-11e3-9f31-00508dc05268} - F:\AutoRun.exe
    HKLM-x32\...\Run: [sDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
    HKU\Default\...\Run: [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    HKU\Default User\...\Run: [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
    BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.100.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Kiba\AppData\Roaming\Mozilla\Firefox\Profiles\c604mc1y.default
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin - D:\Apps\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
    FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Kiba\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Extension: Adblock Plus - C:\Users\Kiba\AppData\Roaming\Mozilla\Firefox\Profiles\c604mc1y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
    FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

    ==================== Services (Whitelisted) =================

    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
    R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
    S3 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-12] ()
    R3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
    R2 WTService; C:\Windows\system32\atwtusb.exe [581120 2012-10-19] ()

    ==================== Drivers (Whitelisted) ====================

    R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-09] (Windows ® Codename Longhorn DDK provider)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
    R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
    R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows ® Win 7 DDK provider)
    S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]
    S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [x]
    S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [x]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
    S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [x]
    S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [x]
    S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [x]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
    S3 VGPU; System32\drivers\rdvgkmd.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-11-12 18:00 - 2013-11-12 18:00 - 00000000 ____D C:\FRST
    2013-11-11 22:07 - 2013-11-11 22:07 - 00011660 _____ C:\Users\Kiba\AppData\Local\recently-used.xbel
    2013-11-11 13:07 - 2013-11-11 13:34 - 00005009 _____ C:\Users\Kiba\Desktop\attach.txt
    2013-11-11 13:07 - 2013-11-11 13:32 - 00012683 _____ C:\Users\Kiba\Desktop\dds.txt
    2013-11-10 17:57 - 2013-11-10 17:57 - 00001945 _____ C:\Windows\epplauncher.mif
    2013-11-10 17:57 - 2013-11-10 17:57 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2013-11-10 17:57 - 2013-11-10 17:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2013-11-10 15:53 - 2013-11-10 15:53 - 00000314 _____ C:\Windows\PFRO.log
    2013-11-10 14:55 - 2013-11-12 08:57 - 00000224 _____ C:\Windows\setupact.log
    2013-11-10 14:55 - 2013-11-10 14:55 - 00000000 _____ C:\Windows\setuperr.log
    2013-11-09 23:18 - 2013-11-09 23:18 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
    2013-11-09 23:18 - 2013-11-09 23:18 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
    2013-11-09 23:18 - 2013-11-09 23:18 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
    2013-11-09 23:18 - 2013-11-09 23:18 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
    2013-11-09 23:18 - 2013-11-09 23:18 - 00000000 ____D C:\Program Files (x86)\OpenAL
    2013-11-01 14:58 - 2013-11-01 14:58 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Camel Audio
    2013-11-01 14:58 - 2013-11-01 14:58 - 00000000 ____D C:\ProgramData\Camel Audio
    2013-11-01 14:58 - 2013-11-01 14:58 - 00000000 ____D C:\Program Files (x86)\Camel Audio
    2013-10-31 22:58 - 2013-10-31 22:58 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Plogue Art et Technologie, Inc
    2013-10-31 22:58 - 2013-10-31 22:58 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Plogue
    2013-10-31 22:52 - 2013-10-31 22:52 - 00000000 ____D C:\Program Files\Plogue
    2013-10-30 16:37 - 2013-10-30 16:37 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
    2013-10-30 16:37 - 2013-10-30 16:37 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v2
    2013-10-30 16:26 - 2013-11-10 19:35 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
    2013-10-30 16:26 - 2013-10-30 16:26 - 00000000 ____D C:\Users\Kiba\Documents\Image-Line
    2013-10-30 16:26 - 2013-10-30 16:26 - 00000000 ____D C:\Program Files (x86)\Image-Line
    2013-10-30 16:26 - 2009-09-15 11:14 - 01554944 _____ (HMS http://hp.vector.co.jp/authors/VA012897/) C:\Windows\SysWOW64\vorbis.acm
    2013-10-30 16:25 - 2013-10-30 16:25 - 00000000 ____D C:\Program Files (x86)\Outsim
    2013-10-30 15:42 - 2013-10-30 15:42 - 00002770 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
    2013-10-30 15:31 - 2013-10-30 15:31 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Malwarebytes
    2013-10-30 15:31 - 2013-10-30 15:31 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-10-30 15:31 - 2013-10-30 15:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-10-30 15:31 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2013-10-28 21:04 - 2013-10-28 21:04 - 00000000 ____D C:\Windows\system32\appmgmt
    2013-10-28 20:41 - 2013-11-01 11:31 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
    2013-10-28 19:57 - 2013-10-28 19:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
    2013-10-28 19:57 - 2013-10-28 19:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
    2013-10-28 19:56 - 2013-10-28 19:56 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
    2013-10-28 19:55 - 2013-01-29 17:05 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
    2013-10-28 19:55 - 2013-01-29 17:05 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01007.dll
    2013-10-27 15:41 - 2013-10-27 15:42 - 00000000 ____D C:\Users\Kiba\AppData\Local\Microsoft Games
    2013-10-24 15:08 - 2013-10-24 15:08 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Blender Foundation
    2013-10-24 13:55 - 2013-10-24 13:56 - 00000000 ____D C:\Program Files\Common Files\Logishrd
    2013-10-24 13:39 - 2013-10-24 13:39 - 00000000 ____D C:\Users\Public\Documents\Logishrd
    2013-10-24 13:39 - 2013-10-24 13:39 - 00000000 ____D C:\ProgramData\Logitech
    2013-10-24 13:37 - 2013-10-28 22:21 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
    2013-10-24 13:37 - 2013-10-24 13:56 - 00000000 ____D C:\ProgramData\Logishrd
    2013-10-24 13:37 - 2013-10-24 13:37 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Leadertech
    2013-10-24 13:36 - 2013-10-24 13:36 - 00000000 ____D C:\Program Files\Logitech
    2013-10-24 13:35 - 2013-10-24 13:35 - 00000000 ____D C:\Users\Kiba\AppData\Local\Eraser 6
    2013-10-24 13:34 - 2013-10-24 13:39 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Logitech
    2013-10-24 13:34 - 2013-10-24 13:34 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Logishrd
    2013-10-24 11:49 - 2013-11-10 14:24 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\inkscape
    2013-10-23 19:27 - 2013-11-10 14:24 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Media Player Classic
    2013-10-22 11:31 - 2013-10-22 11:31 - 00000000 ____D C:\Users\Kiba\AppData\Local\Unity
    2013-10-22 11:29 - 2013-10-22 11:29 - 00000000 ____D C:\Users\Public\Documents\Unity Projects
    2013-10-21 16:46 - 2013-10-21 16:46 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Notepad++
    2013-10-21 16:46 - 2013-10-21 16:46 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
    2013-10-20 13:28 - 2013-10-20 13:28 - 00000000 ____D C:\Windows\SysWOW64\directx
    2013-10-20 13:28 - 2013-10-20 13:28 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Hi-Rez Studios
    2013-10-20 13:27 - 2013-10-20 13:27 - 00000000 ____D C:\Windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
    2013-10-15 23:49 - 2013-10-15 23:49 - 00000000 ____D C:\Users\Kiba\Documents\ProcAlyzer Dumps
    2013-10-15 19:32 - 2013-10-15 19:32 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2013-10-15 19:32 - 2013-10-15 19:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2013-10-15 18:01 - 2013-10-23 21:40 - 00000000 ____D C:\Users\Kiba\AppData\Local\gtk-2.0
    2013-10-15 17:59 - 2013-10-24 15:05 - 00000000 ____D C:\Users\Kiba\.thumbnails
    2013-10-15 17:33 - 2013-11-01 14:51 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Spotify
    2013-10-15 17:33 - 2013-11-01 11:50 - 00000000 ____D C:\Users\Kiba\AppData\Local\Spotify
    2013-10-15 17:33 - 2013-10-15 17:33 - 00001837 _____ C:\Users\Kiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
    2013-10-14 20:35 - 2013-11-11 22:02 - 00000000 ____D C:\Users\Kiba\AppData\Local\mypaint
    2013-10-14 20:34 - 2013-10-14 20:34 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPaint
    2013-10-13 23:46 - 2013-10-13 23:46 - 00007628 _____ C:\Users\Kiba\AppData\Local\Resmon.ResmonCfg
    2013-10-13 18:38 - 2013-10-13 18:38 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
    2013-10-13 18:38 - 2013-10-13 18:38 - 00000000 ____D C:\Program Files\Microsoft Xbox 360 Accessories
    2013-10-13 00:14 - 2013-10-29 15:12 - 00000000 ____D C:\Users\Kiba\.gimp-2.8
    2013-10-13 00:14 - 2013-10-13 00:14 - 00000000 ____D C:\Users\Kiba\AppData\Local\gegl-0.2

    ==================== One Month Modified Files and Folders =======

    2013-11-12 18:00 - 2013-11-12 18:00 - 00000000 ____D C:\FRST
    2013-11-12 17:22 - 2013-10-07 00:58 - 01244225 _____ C:\Windows\WindowsUpdate.log
    2013-11-12 09:05 - 2009-07-14 06:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-11-12 09:05 - 2009-07-14 06:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-11-12 09:04 - 2009-07-14 07:13 - 00779266 _____ C:\Windows\system32\PerfStringBackup.INI
    2013-11-12 08:57 - 2013-11-10 14:55 - 00000224 _____ C:\Windows\setupact.log
    2013-11-12 08:57 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-11-12 08:57 - 2009-07-14 04:34 - 00000418 _____ C:\Windows\win.ini
    2013-11-11 22:07 - 2013-11-11 22:07 - 00011660 _____ C:\Users\Kiba\AppData\Local\recently-used.xbel
    2013-11-11 22:02 - 2013-10-14 20:35 - 00000000 ____D C:\Users\Kiba\AppData\Local\mypaint
    2013-11-11 13:34 - 2013-11-11 13:07 - 00005009 _____ C:\Users\Kiba\Desktop\attach.txt
    2013-11-11 13:32 - 2013-11-11 13:07 - 00012683 _____ C:\Users\Kiba\Desktop\dds.txt
    2013-11-11 09:48 - 2013-10-11 01:04 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2013-11-11 09:07 - 2009-07-14 06:45 - 00274320 _____ C:\Windows\system32\FNTCACHE.DAT
    2013-11-10 22:03 - 2013-10-11 01:52 - 00057560 _____ C:\Users\Kiba\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-11-10 19:35 - 2013-10-30 16:26 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
    2013-11-10 17:57 - 2013-11-10 17:57 - 00001945 _____ C:\Windows\epplauncher.mif
    2013-11-10 17:57 - 2013-11-10 17:57 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2013-11-10 17:57 - 2013-11-10 17:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2013-11-10 15:53 - 2013-11-10 15:53 - 00000314 _____ C:\Windows\PFRO.log
    2013-11-10 15:02 - 2013-10-11 21:24 - 00000000 ____D C:\Users\Kiba\AppData\Local\NVIDIA
    2013-11-10 15:02 - 2013-10-06 17:28 - 00000000 ____D C:\ProgramData\NVIDIA
    2013-11-10 15:02 - 2013-10-06 17:27 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2013-11-10 15:02 - 2013-10-06 17:27 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2013-11-10 15:02 - 2013-10-06 17:15 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2013-11-10 14:55 - 2013-11-10 14:55 - 00000000 _____ C:\Windows\setuperr.log
    2013-11-10 14:24 - 2013-10-24 11:49 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\inkscape
    2013-11-10 14:24 - 2013-10-23 19:27 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Media Player Classic
    2013-11-10 14:24 - 2013-10-07 01:55 - 00000000 ____D C:\Windows\Panther
    2013-11-10 12:33 - 2013-10-07 01:15 - 00000000 ___RD C:\Users\Kiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2013-11-09 23:19 - 2013-10-11 02:07 - 00000000 ____D C:\Users\Kiba\Documents\My Games
    2013-11-09 23:18 - 2013-11-09 23:18 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
    2013-11-09 23:18 - 2013-11-09 23:18 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
    2013-11-09 23:18 - 2013-11-09 23:18 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
    2013-11-09 23:18 - 2013-11-09 23:18 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
    2013-11-09 23:18 - 2013-11-09 23:18 - 00000000 ____D C:\Program Files (x86)\OpenAL
    2013-11-09 21:58 - 2013-10-06 16:49 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\.purple
    2013-11-06 14:05 - 2013-10-06 16:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2013-11-06 00:14 - 2013-10-06 16:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-11-01 14:58 - 2013-11-01 14:58 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Camel Audio
    2013-11-01 14:58 - 2013-11-01 14:58 - 00000000 ____D C:\ProgramData\Camel Audio
    2013-11-01 14:58 - 2013-11-01 14:58 - 00000000 ____D C:\Program Files (x86)\Camel Audio
    2013-11-01 14:51 - 2013-10-15 17:33 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Spotify
    2013-11-01 11:50 - 2013-10-15 17:33 - 00000000 ____D C:\Users\Kiba\AppData\Local\Spotify
    2013-11-01 11:31 - 2013-10-28 20:41 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
    2013-10-31 22:58 - 2013-10-31 22:58 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Plogue Art et Technologie, Inc
    2013-10-31 22:58 - 2013-10-31 22:58 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Plogue
    2013-10-31 22:52 - 2013-10-31 22:52 - 00000000 ____D C:\Program Files\Plogue
    2013-10-30 16:53 - 2013-10-07 01:15 - 00000000 ____D C:\Users\Kiba\AppData\Local\VirtualStore
    2013-10-30 16:37 - 2013-10-30 16:37 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
    2013-10-30 16:37 - 2013-10-30 16:37 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v2
    2013-10-30 16:26 - 2013-10-30 16:26 - 00000000 ____D C:\Users\Kiba\Documents\Image-Line
    2013-10-30 16:26 - 2013-10-30 16:26 - 00000000 ____D C:\Program Files (x86)\Image-Line
    2013-10-30 16:25 - 2013-10-30 16:25 - 00000000 ____D C:\Program Files (x86)\Outsim
    2013-10-30 15:42 - 2013-10-30 15:42 - 00002770 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
    2013-10-30 15:31 - 2013-10-30 15:31 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Malwarebytes
    2013-10-30 15:31 - 2013-10-30 15:31 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-10-30 15:31 - 2013-10-30 15:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-10-29 15:12 - 2013-10-13 00:14 - 00000000 ____D C:\Users\Kiba\.gimp-2.8
    2013-10-28 22:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
    2013-10-28 22:21 - 2013-10-24 13:37 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
    2013-10-28 21:04 - 2013-10-28 21:04 - 00000000 ____D C:\Windows\system32\appmgmt
    2013-10-28 19:57 - 2013-10-28 19:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
    2013-10-28 19:57 - 2013-10-28 19:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
    2013-10-28 19:56 - 2013-10-28 19:56 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
    2013-10-28 19:55 - 2013-10-07 04:01 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2013-10-27 15:42 - 2013-10-27 15:41 - 00000000 ____D C:\Users\Kiba\AppData\Local\Microsoft Games
    2013-10-26 16:55 - 2013-10-12 05:31 - 00283032 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
    2013-10-26 16:55 - 2013-10-12 05:16 - 00283032 _____ C:\Windows\SysWOW64\PnkBstrB.exe
    2013-10-24 15:08 - 2013-10-24 15:08 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Blender Foundation
    2013-10-24 15:05 - 2013-10-15 17:59 - 00000000 ____D C:\Users\Kiba\.thumbnails
    2013-10-24 13:56 - 2013-10-24 13:55 - 00000000 ____D C:\Program Files\Common Files\Logishrd
    2013-10-24 13:56 - 2013-10-24 13:37 - 00000000 ____D C:\ProgramData\Logishrd
    2013-10-24 13:39 - 2013-10-24 13:39 - 00000000 ____D C:\Users\Public\Documents\Logishrd
    2013-10-24 13:39 - 2013-10-24 13:39 - 00000000 ____D C:\ProgramData\Logitech
    2013-10-24 13:39 - 2013-10-24 13:34 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Logitech
    2013-10-24 13:37 - 2013-10-24 13:37 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Leadertech
    2013-10-24 13:36 - 2013-10-24 13:36 - 00000000 ____D C:\Program Files\Logitech
    2013-10-24 13:35 - 2013-10-24 13:35 - 00000000 ____D C:\Users\Kiba\AppData\Local\Eraser 6
    2013-10-24 13:34 - 2013-10-24 13:34 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Logishrd
    2013-10-23 21:40 - 2013-10-15 18:01 - 00000000 ____D C:\Users\Kiba\AppData\Local\gtk-2.0
    2013-10-22 11:46 - 2009-07-14 04:34 - 00450639 ____R C:\Windows\system32\Drivers\etc\hosts.20131110-164044.backup
    2013-10-22 11:31 - 2013-10-22 11:31 - 00000000 ____D C:\Users\Kiba\AppData\Local\Unity
    2013-10-22 11:29 - 2013-10-22 11:29 - 00000000 ____D C:\Users\Public\Documents\Unity Projects
    2013-10-21 16:46 - 2013-10-21 16:46 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Notepad++
    2013-10-21 16:46 - 2013-10-21 16:46 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
    2013-10-20 13:30 - 2013-10-11 10:13 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\NVIDIA
    2013-10-20 13:28 - 2013-10-20 13:28 - 00000000 ____D C:\Windows\SysWOW64\directx
    2013-10-20 13:28 - 2013-10-20 13:28 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Hi-Rez Studios
    2013-10-20 13:27 - 2013-10-20 13:27 - 00000000 ____D C:\Windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
    2013-10-16 10:59 - 2009-07-14 04:34 - 00450639 ____R C:\Windows\system32\Drivers\etc\hosts.20131022-124641.backup
    2013-10-15 23:49 - 2013-10-15 23:49 - 00000000 ____D C:\Users\Kiba\Documents\ProcAlyzer Dumps
    2013-10-15 19:32 - 2013-10-15 19:32 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2013-10-15 19:32 - 2013-10-15 19:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2013-10-15 17:59 - 2013-10-07 01:14 - 00000000 ____D C:\Users\Kiba
    2013-10-15 17:33 - 2013-10-15 17:33 - 00001837 _____ C:\Users\Kiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
    2013-10-15 10:36 - 2013-10-07 04:10 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-10-15 10:36 - 2013-10-07 04:10 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-10-14 20:34 - 2013-10-14 20:34 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPaint
    2013-10-14 20:15 - 2013-10-12 05:16 - 00283032 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
    2013-10-13 23:46 - 2013-10-13 23:46 - 00007628 _____ C:\Users\Kiba\AppData\Local\Resmon.ResmonCfg
    2013-10-13 18:38 - 2013-10-13 18:38 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
    2013-10-13 18:38 - 2013-10-13 18:38 - 00000000 ____D C:\Program Files\Microsoft Xbox 360 Accessories
    2013-10-13 00:14 - 2013-10-13 00:14 - 00000000 ____D C:\Users\Kiba\AppData\Local\gegl-0.2

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2013-11-10 21:47

    ==================== End Of Log ============================

  6. Gmer did not find anything. Just to note, it was set to Quick Scan - as default.

     

    I have actually noticed a little loading time lag when I open Firefox, but sometimes Firefox is like that. Maybe some plugin. If I open a new Firefox window while there is one already open, there is not much startup delay.

  7. Malwarebytes detected potential risks:

     

    - Registry Keys Detected: 1
    HKLM\SYSTEM\CurrentControlSet\Services\Adobe Licensing Console (Trojan.Clicker.CT) -> Quarantined and deleted successfully.

     

    - Files Detected: 1
    C:\Windows\System32\msvfd32.exe (Trojan.Clicker.CT) -> Quarantined and deleted successfully.

     

    After removing threats, I fully scanned with Malwarebytes, Spybot S&D 2 and Microsoft Security Essentials. No threats found. I tend to be careful, so I don't know where I got those trojans from. The only explanation is an infected website.

     

    1. I'm not sure if Adobe Licensing Console is a false positive? "Attach log report: Error: Service Control Manager [7000]  - The Adobe Licensing Console service failed to start due to the following error:  The system cannot find the file specified." What is Adobe Licensing Console and how crucial is it? I haven't installed any Adobe products except for the mandatory Flash Player plugin for Firefox.

     

    2. What is a Trojan.Clicker.CT/msvfd32.exe exactly and how risky is it? Is this a concern for my privacy - could it potentially come back or is it even completely removed?

     

    I haven't noticed any problems with my computer. Everything seems OK.

     

     

    attach.txt

    dds.txt

    mbam-log-2013-11-10 (15-13-41) trojan.clicker.txt
