Jump to content

Problem with Website block


Recommended Posts

Further to post on website blocking section please find attached results of scan as suggested. The full MBAM Pro scan came back with nothing.

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 29/10/2009 16:44:15
System Uptime: 25/10/2013 21:19:49 (2 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P7P55D LE
Processor: Intel® Core i7 CPU         860  @ 2.80GHz | LGA1156 | 3497/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 108.198 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 466 GiB total, 263.276 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP804: 11/10/2013 12:13:43 - Windows Update
RP805: 16/10/2013 12:54:47 - Windows Update
RP806: 16/10/2013 17:23:28 - Windows Update
RP807: 19/10/2013 17:56:33 - Windows Update
RP808: 21/10/2013 18:39:15 - Windows Update
RP809: 25/10/2013 15:55:08 - Windows Update
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
3DMark06
ABBYY FineReader 9.0 Sprint
Adobe AIR
Adobe Color Common Settings
Adobe Color Video Profiles CS CS4
Adobe Download Assistant
Adobe ExtendScript Toolkit 2
Adobe Flash Player 11 Plugin
Adobe Help Center 1.0
Adobe Help Manager
Adobe Illustrator CS6
Adobe Media Player
Adobe Photoshop CS5.1
Adobe Photoshop CS6
Adobe Photoshop Lightroom 4.4 64-bit
Adobe Reader XI (11.0.05)
Adobe Setup
AdobeColorCommonSetRGB
Akamai NetSession Interface
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Registration
Belkin 54Mbps Wireless Network Adapter
Bonjour
Canon DIGITAL CAMERA Solution Disk Software Guide
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Personal Printing Guide
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC 8
Canon Utilities Digital Photo Professional
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities WFT Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Citrix XenApp Web Plugin
Download Navigator
Dropbox
Dropbox Export Plug-in version 1.6.0 for Adobe Lightroom
Epson Connect Guide
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson Event Manager
Epson Network Guide XP-750 Series
EPSON Scan
Epson User's Guide XP-750 Series
EPSON XP-750 Series Printer Uninstall
EpsonNet Print
eReg
Eye-One Diagnostics
Eye-One Match 3.6.2
Eye-One Share
FastPictureViewer Codec Pack 3.1
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Helicon Focus 5.3.14
HiJackThis
HijackThis 2.0.2
HydraVision
i1_driver_installer_utility_i1Match version 1.0
inSSIDer
iTunes
Logitech SetPoint 6.32
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Camera Codec Pack
Microsoft Corporation
Microsoft LifeCam
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Personal Folders Backup
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works 6-9 Converter
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 24.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Neuratron PhotoScore Lite
Noise Ninja 2 (Standalone Version)
Opanda IExif 2.3
PDF Settings CS6
PDFCreator
Photomatix Pro version 4.0.2
Photomatix Pro version 4.1.4
PhotoTools 2.5
Pixel Bender Toolkit
QuickTime
Rapport
RescuePRO 3.4.0.34
Revo Uninstaller Pro 3.0.7
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
Sibelius 5
Sibelius Scorch (all browsers)
Sibelius Scorch (Firefox, Opera, Netscape only)
Sibelius Sounds Essentials
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
The Photographer's Ephemeris
Tom Clancy's Splinter Cell Conviction
Tone Mapping Plug-In 2.1 64-bit
Tone Mapping Plug-In 2.2 64-bit
Topaz Adjust 5
Topaz Adjust 5 (64-bit)
Topaz B&W Effects
Topaz B&W Effects (64-bit)
Topaz Clean 3
Topaz Clean 3 (64-bit)
Topaz DeJpeg 4
Topaz DeJpeg 4 (64-bit)
Topaz DeNoise 5
Topaz DeNoise 5 (64-bit)
Topaz Detail 2
Topaz Detail 2 (64-bit)
Topaz Detail 3
Topaz Fusion Express 2
Topaz Fusion Express 2 (64-bit)
Topaz InFocus
Topaz InFocus (64-bit)
Topaz Lens Effects
Topaz Lens Effects (64-bit)
Topaz ReMask 3
Topaz ReMask 3 (64-bit)
Topaz Simplify 3
Topaz Simplify 3 (64-bit)
True Image 2013
Trusteer Endpoint Protection
Ubisoft Game Launcher
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Wacom Tablet
WebTablet FB Plugin 32 bit
WebTablet FB Plugin 64 bit
WebTablet IE Plugin
WebTablet Netscape Plugin
WinZip
.
==== Event Viewer Messages From Past Week ========
.
25/10/2013 08:59:59, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
25/10/2013 08:59:28, Error: Service Control Manager [7000]  - The iPod Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
25/10/2013 08:59:27, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
24/10/2013 21:01:24, Error: Service Control Manager [7034]  - The Rapport Management Service service terminated unexpectedly.  It has done this 1 time(s).
22/10/2013 09:51:26, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
21/10/2013 21:17:35, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.161.307.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: http://www.microsoft.com      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.10003.0      Error code: 0x8024402c      Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
21/10/2013 17:18:46, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
21/10/2013 17:18:46, Error: Service Control Manager [7000]  - The SBSD Security Center Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
21/10/2013 17:11:51, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
21/10/2013 16:33:52, Error: Service Control Manager [7034]  - The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
21/10/2013 16:33:51, Error: Service Control Manager [7034]  - The Nalpeiron Licensing Service service terminated unexpectedly.  It has done this 1 time(s).
.
==== End Of File ===========================
 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720
Run by Nigel at 23:13:21 on 2013-10-25
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.44.1033.18.8183.5326 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\system32\nlsInterface.exe
C:\Windows\SysWOW64\nlssrv32.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Users\Nigel\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Nigel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Nigel\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Locate Spot on Map by GPS - C:\Program Files (x86)\Opanda\IExif 2.3\IExifMap.htm
IE: View Exif/GPS/IPTC with IExif - C:\Program Files (x86)\Opanda\IExif 2.3\IExifCom.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.




TCP: NameServer = 192.168.0.1
TCP: Interfaces\{240E531C-01C5-4567-BF72-B504E86C3735} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{5F1AEC1F-9D1D-40D2-8F50-1491A7A73146} : DHCPNameServer = 172.30.139.17 172.31.139.17
TCP: Interfaces\{86CAA214-65E8-4352-B03D-396AF9D236C8} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{86CAA214-65E8-4352-B03D-396AF9D236C8} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{ACE43CAF-4513-49FA-B22F-A34A7D0542A3} : DHCPNameServer = 192.168.1.254
x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.

x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\29h7qu80.default\


FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\29h7qu80.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: C:\Windows\SysWOW64\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2012-12-11 108832]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2012-12-22 295696]
R0 tib;Acronis TIB Manager;C:\Windows\System32\drivers\tib.sys [2013-4-15 1120032]
R0 tib_mounter;Acronis TIB Mounter;C:\Windows\System32\drivers\tib_mounter.sys [2013-4-15 183224]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2013-4-15 161568]
R0 vidsflt;Acronis Disk Storage Filter;C:\Windows\System32\drivers\vidsflt.sys [2012-12-11 117024]
R1 RapportCerberus_56758;RapportCerberus_56758;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys [2013-9-17 589872]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-9-10 265872]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-9-10 384432]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2013-4-15 3783672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-11-16 238080]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2013-2-1 151648]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-11 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-11 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 139616]
R2 nlscc;Nalpeiron X64 Service;C:\Windows\System32\nlsInterface.EXE [2012-3-16 72192]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2011-7-12 66560]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-9-10 1435928]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-12-12 1153368]
R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2013-3-20 7084696]
R2 TabletServiceWacom;TabletServiceWacom;C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2012-8-13 8712096]
R2 TouchServiceWacom;Wacom Professional Touch Service;C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe [2012-8-13 567712]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2013-4-15 367200]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760]
R3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2012-8-13 13688]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2011-9-2 76056]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2011-9-2 15128]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-3-26 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-8-12 366600]
R3 rt61x64;RT61 Extensible Wireless Driver;C:\Windows\System32\drivers\netr6164.sys [2010-4-7 446304]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-21 452200]
R3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2012-8-13 66424]
R3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2012-8-13 15736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2013-2-1 135824]
S3 ENTECH64;ENTECH64;C:\Windows\System32\drivers\Entech64.sys [2009-10-29 12744]
S3 EyeOneDisplay;EyeOneDisplay;C:\Windows\System32\drivers\i1display_x64.sys [2010-1-16 7808]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528]
S3 netr7364;Belkin Wireless 54G USB Network Adapter Driver;C:\Windows\System32\drivers\netr7364.sys [2009-12-24 716800]
S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCAMp50a64.sys [2009-12-4 43328]
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCASp50a64.sys [2009-12-4 41280]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-18 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-2-21 31800]
S3 SeqCal;SeqCal;C:\Windows\System32\drivers\SeqCal.sys [2010-1-16 7808]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-18 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2010-1-24 18216]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-2 1255736]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;C:\Windows\System32\drivers\WN111v2x.sys [2009-1-13 560128]
.
=============== File Associations ===============
.
.txt: <filetype is not registered>
.
=============== Created Last 30 ================
.
2013-10-25 14:55:36    10280728    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4C565742-15E3-4C71-AFD3-CC3B42E8FDE2}\mpengine.dll
2013-10-24 12:46:22    10280728    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-21 16:25:31    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2013-10-21 16:25:31    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2013-10-21 16:25:31    52736    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2013-10-21 16:25:31    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2013-10-21 16:25:31    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2013-10-21 16:25:31    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2013-10-21 16:25:31    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2013-10-18 15:25:48    965000    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{975EFC49-CDA2-4E7E-95E3-D6BA2D7056DD}\gapaengine.dll
2013-10-18 12:35:04    --------    d-----w-    C:\Users\Nigel\AppData\Local\ElevatedDiagnostics
2013-10-11 11:28:59    775256    ----a-w-    C:\Program Files\Internet Explorer\iexplore.exe
2013-10-11 09:18:30    633856    ----a-w-    C:\Windows\System32\comctl32.dll
2013-10-11 09:17:56    983488    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-10-11 09:17:56    124112    ----a-w-    C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 09:17:56    102608    ----a-w-    C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 09:17:43    461312    ----a-w-    C:\Windows\System32\scavengeui.dll
2013-10-01 15:38:50    --------    d-----w-    C:\Program Files\iPod
2013-10-01 15:38:49    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-01 15:38:49    --------    d-----w-    C:\Program Files\iTunes
2013-10-01 15:38:49    --------    d-----w-    C:\Program Files (x86)\iTunes
2013-09-26 18:00:39    208760    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-09-26 18:00:39    208760    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M  ====================
.
2013-10-08 17:37:16    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-08 17:37:16    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-22 23:28:06    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49    2876928    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-09-22 22:54:51    3959296    ----a-w-    C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2013-09-10 22:18:28    295696    ----a-w-    C:\Windows\System32\drivers\RapportKE64.sys
2013-09-08 02:30:37    1903552    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14    327168    ----a-w-    C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58    231424    ----a-w-    C:\Windows\SysWow64\mswsock.dll
2013-08-29 02:17:48    5549504    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28    243712    ----a-w-    C:\Windows\System32\wow64.dll
2013-08-29 02:16:14    859648    ----a-w-    C:\Windows\System32\tdh.dll
2013-08-29 02:13:28    878080    ----a-w-    C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45    3969472    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45    3914176    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16    619520    ----a-w-    C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17    640512    ----a-w-    C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06    3155968    ----a-w-    C:\Windows\System32\win32k.sys
2013-08-05 02:25:45    155584    ----a-w-    C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:14:57    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2013-08-02 02:13:34    424448    ----a-w-    C:\Windows\System32\KernelBase.dll
2013-08-02 01:50:42    274944    ----a-w-    C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17    338432    ----a-w-    C:\Windows\System32\conhost.exe
2013-08-02 00:59:09    112640    ----a-w-    C:\Windows\System32\smss.exe
2013-08-02 00:43:05    6144    ---ha-w-    C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05    4608    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 23:14:06.59 ===============
 

 

Thanks for your help again.

Link to post
Share on other sites

  • Root Admin

Hello and :welcome:
 

 

Please read the following and post back the logs when ready.

General P2P/Piracy Warning:
 

 

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.




Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.

  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)



STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.



Link 1
Link 2


  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.



STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.



  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

STEP 02
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit



  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.
Link to post
Share on other sites

Thanks for that. Please let me know if you need to see the RKill.txt file as well - you didn't mention it?

 

Here is the RK report - I look forward to hearing from you :-

 

RogueKiller V8.7.5 _x64_ [Oct 22 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Nigel [Admin rights]
Mode : Scan -- Date : 10/26/2013 12:01:52
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 17 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][sUSP PATH] {93CD97D0-EDC0-4DF8-96B9-4F92431738B6} : msiexec.exe - /package "C:\Users\Admin\Desktop\Adapter.msi" [x][x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3500418AS ATA Device +++++
--- User ---
[MBR] f05bd6f820a9e2f24343f2ecb997c658
[bSP] b087487491b1a64df5e2a3a5014f0223 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST3500418AS ATA Device +++++
--- User ---
[MBR] ca04af71a45bd275569f0b44bcd60856
[bSP] 15a331634ee4f567272dee7e809df006 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_10262013_120152.txt >>



 

Link to post
Share on other sites

  • Root Admin

Sorry for the delay - the wife had a list of thing for me to do today including replacing a ceiling fan. Turns out it needed a new support for that so I had to go up in the attic and bust out a 2x4 that was in the way of the new bracket. Then our local hardware store closed their doors so now I have to drive a few miles any time I need any hardware and as luck would have it I had to drive out there a couple times today. Just now sitting down to relax and do some much easier computer work.

So anyways... this line here. Do you have this file on your desktop and what is it for ?

[V2][sUSP PATH] {93CD97D0-EDC0-4DF8-96B9-4F92431738B6} : msiexec.exe - /package "C:\Users\Admin\Desktop\Adapter.msi" [x][x] ->

Please go ahead and run through the following steps and post back the logs when ready. I think you'll be getting up in a few hours and I'll be up for a few more hours so hopefully we can get some of this done today/tonight.

STEP 03

Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt
STEP 04

Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus
STEP 05

Lets clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

STEP 06

button_eos.gif

Please go here to run the online antivirus scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
STEP 07

Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.
Link to post
Share on other sites

Hope the ceiling fans works OK! I would have replied earlier yesterday morning but like you - had things to do. My wife decided to break her finger playing netball so we were at the hospital rather than fixing PC's!

 

[V2][sUSP PATH] {93CD97D0-EDC0-4DF8-96B9-4F92431738B6} : msiexec.exe - /package "C:\Users\Admin\Desktop\Adapter.msi" [x][x] ->

 

I don't know what this is for or where it is - it's not on my desktop. I have had a couple of occasions where my PC has had trouble connecting to the internet wirelessly though?

 

MBAR didn't find anything and came back clean after the first scan so I didn't run the second time. Here are the logs. I'm now moving on to Step 4 onwards.

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Database version: v2013.10.27.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Nigel :: ADMIN-PC [administrator]

27/10/2013 09:21:18
mbar-log-2013-10-27 (09-21-18).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 280699
Time elapsed: 11 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16721

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.497000 GHz
Memory total: 8580554752, free: 6567608320

Downloaded database version: v2013.10.27.02
Downloaded database version: v2013.10.11.02
Initializing...
======================
------------ Kernel report ------------
     10/27/2013 09:21:13
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\vidsflt.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\vididr.sys
\SystemRoot\system32\DRIVERS\tib_mounter.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\tib.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\DRIVERS\snapman.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\RapportKE64.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\DRIVERS\fltsrv.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\drivers\cdrom.sys
\??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys
\??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\netr6164.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\LEqdUsb.Sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LHidEqd.Sys
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\system32\DRIVERS\VX3000.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\wachidrouter.sys
\SystemRoot\system32\DRIVERS\hidkmdf.sys
\SystemRoot\system32\DRIVERS\wacomrouterfilter.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\Drivers\adfs.SYS
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\afcdp.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\msctf.dll
\Windows\System32\advapi32.dll
\Windows\System32\lpk.dll
\Windows\System32\kernel32.dll
\Windows\System32\difxapi.dll
\Windows\System32\iertutil.dll
\Windows\System32\ole32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\msvcrt.dll
\Windows\System32\wininet.dll
\Windows\System32\Wldap32.dll
\Windows\System32\psapi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\normaliz.dll
\Windows\System32\usp10.dll
\Windows\System32\imm32.dll
\Windows\System32\sechost.dll
\Windows\System32\clbcatq.dll
\Windows\System32\urlmon.dll
\Windows\System32\oleaut32.dll
\Windows\System32\setupapi.dll
\Windows\System32\nsi.dll
\Windows\System32\comdlg32.dll
\Windows\System32\shell32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\user32.dll
\Windows\System32\gdi32.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa800a54c160
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000ab\
Lower Device Object: 0xfffffa800b714b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa800c1b2790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000aa\
Lower Device Object: 0xfffffa800ade9b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007e71790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-3\
Lower Device Object: 0xfffffa8007b7a060
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007e83790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T1L0-7\
Lower Device Object: 0xfffffa8007b8c060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007e71790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007e712c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007e71790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007e834a0, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa8007b78520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007b7a060, DeviceName: \Device\Ide\IdeDeviceP3T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007e83790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007d06b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007e83790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007d01b40, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa8007b399b0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007b8c060, DeviceName: \Device\Ide\IdeDeviceP2T1L0-7\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 8A851357

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 976766976

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4EE22015

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 976564224

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa800c1b2790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b732670, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800c1b2790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b9e3b40, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa800ade9b60, DeviceName: \Device\000000aa\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa800a54c160, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b5ebb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800a54c160, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b85cc50, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa800b714b60, DeviceName: \Device\000000ab\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_1_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
Removal finished
 

Link to post
Share on other sites

OK so here are the results of the JRT and AdwCleaner scans - more to follow :-

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Ultimate x64
Ran by Nigel on 27/10/2013 at  9:59:04.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_dynamic-auto-painter_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_dynamic-auto-painter_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_dynamic-auto-painter_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_dynamic-auto-painter_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Nigel\appdata\local\software"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free registry cleaner"



~~~ FireFox

Successfully deleted the following from C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\29h7qu80.default\prefs.js






user_pref("google.toolbar.search-icon", "data:image/x-icon;base64,AAABAAIAEBAAAAEAIABoBAAAJgAAACAgAAABACAAqBAAAI4EAAAoAAAAEAAAACAAAAABACAAAAAAAAAEAAASCwAAEgsAAAAAAAAAAAAA9IVCS
Emptied folder: C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\29h7qu80.default\minidumps [210 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27/10/2013 at 10:03:44.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

# AdwCleaner v3.010 - Report created 27/10/2013 at 10:09:18
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Nigel - ADMIN-PC
# Running from : C:\Users\Nigel\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Nigel\AppData\Local\PackageAware

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\2063809135769628346158041538112017316931514098522
Key Deleted : HKCU\Software\73115156621019274512456614923895292921514098520
Key Deleted : HKCU\Software\73115156621019274512456614923895292921514098521
Key Deleted : HKCU\Software\73115156621019274512456614923895292921514098522

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\73i0qtr7.default\prefs.js ]


[ File : C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\29h7qu80.default\prefs.js ]

Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");

-\\ Google Chrome v

[ File : C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1666 octets] - [27/10/2013 10:06:30]
AdwCleaner[s0].txt - [1603 octets] - [27/10/2013 10:09:18]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1663 octets] ##########
 

 

Malwarebytes scan result.

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.27.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Nigel :: ADMIN-PC [administrator]

Protection: Enabled

27/10/2013 10:18:35
mbam-log-2013-10-27 (10-18-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 250634
Time elapsed: 5 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

Link to post
Share on other sites

Nothing found on ESET scanner.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-10-2013 01
Ran by Nigel (administrator) on ADMIN-PC on 27-10-2013 11:54:48
Running from C:\Users\Nigel\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Nalpeiron Ltd.) C:\Windows\system32\nlsInterface.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Dropbox, Inc.) C:\Users\Nigel\AppData\Roaming\Dropbox\bin\Dropbox.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [516960 2013-02-15] (Acronis)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6366264 2013-03-28] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] - C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103440 2013-01-10] (Acronis)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073352 2012-06-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKU\Sue\...\Run: [EPSON PX710W Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFSE.EXE /FU "C:\Windows\TEMP\E_S4A2A.tmp" /EF "HKCU"
Startup: C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Nigel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC0EBAC48BE8CCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{86CAA214-65E8-4352-B03D-396AF9D236C8}: [NameServer]8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\29h7qu80.default
FF DefaultSearchEngine: Google


FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.1 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.1 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Extension: Виявлення пристроїв Logitech - C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\29h7qu80.default\Extensions\DeviceDetection@logitech.com
FF Extension: British English Dictionary - C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\29h7qu80.default\Extensions\en-GB@dictionaries.addons.mozilla.org
FF Extension: Forecastfox - C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\29h7qu80.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF Extension: ReminderFox - C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\29h7qu80.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
FF Extension: FoxClocks - C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\29h7qu80.default\Extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
FF Extension: check-compatibility - C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\29h7qu80.default\Extensions\check-compatibility@dactyl.googlecode.com.xpi
FF Extension: compatibility - C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\29h7qu80.default\Extensions\compatibility@addons.mozilla.org.xpi
FF Extension: exif_viewer - C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\29h7qu80.default\Extensions\exif_viewer@mozilla.doslash.org.xpi
FF Extension: thetikihead - C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\29h7qu80.default\Extensions\thetikihead@yahoo.com.xpi
FF Extension: pref - C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\29h7qu80.default\Extensions\{11483926-db67-4190-91b1-ef20fcec5f33}.xpi
FF Extension: fireftp - C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\29h7qu80.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
FF Extension: prefs - C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\29h7qu80.default\Extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
FF Extension: downbarconfig - C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\29h7qu80.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
FF Extension: greasemonkey - C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\29h7qu80.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

Chrome:
=======


CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Windows Genuine Advantage) - C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (ScorchPlugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPSibelius.dll ()
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (WacomTabletPlugin) - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1
CHR Extension: (Google Search) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1
CHR Extension: (avast! WebRep) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0
CHR Extension: (Gmail) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
R2 nlscc; C:\Windows\system32\nlsInterface.exe [72192 2010-11-01] (Nalpeiron Ltd.)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1435928 2013-09-10] (Trusteer Ltd.)

==================== Drivers (Whitelisted) ====================

S3 ENTECH64; C:\Windows\system32\DRIVERS\ENTECH64.sys [12744 2007-08-20] (EnTech Taiwan)
S3 ENTECH64; C:\Windows\SysWow64\DRIVERS\ENTECH64.sys [5632 2004-06-22] (EnTech Taiwan)
S3 EyeOneDisplay; C:\Windows\System32\Drivers\i1display_x64.sys [7808 2005-12-14] (GretagMacbeth LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 PCAMp50a64; C:\Windows\System32\Drivers\PCAMp50a64.sys [43328 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
R1 RapportCerberus_56758; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys [589872 2013-09-17] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [265872 2013-09-10] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [295696 2013-09-10] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [384432 2013-09-10] (Trusteer Ltd.)
S3 SeqCal; C:\Windows\System32\DRIVERS\SeqCal.sys [7808 2006-05-18] (GretagMacbeth LLC)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-04-15] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2013-04-15] (Acronis)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2013-04-15] (Acronis International GmbH)
S3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2x.sys [560128 2009-01-13] (Atheros Communications, Inc.)
S4 tsusbhub; system32\drivers\tsusbhub.sys [x]
S4 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-27 11:54 - 2013-10-27 11:54 - 00000000 ____D C:\FRST
2013-10-27 11:52 - 2013-10-27 11:52 - 01956160 _____ (Farbar) C:\Users\Nigel\Desktop\FRST64.exe
2013-10-27 10:29 - 2013-10-27 10:29 - 02347384 _____ (ESET) C:\Users\Nigel\Downloads\esetsmartinstaller_enu.exe
2013-10-27 10:29 - 2013-10-27 10:29 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-27 10:06 - 2013-10-27 10:09 - 00000000 ____D C:\AdwCleaner
2013-10-27 10:03 - 2013-10-27 10:03 - 00003687 _____ C:\Users\Nigel\Desktop\JRT.txt
2013-10-27 09:58 - 2013-10-27 09:58 - 00000000 ____D C:\Windows\ERUNT
2013-10-27 09:56 - 2013-10-27 09:56 - 01060070 _____ C:\Users\Nigel\Desktop\AdwCleaner.exe
2013-10-27 09:55 - 2013-10-27 09:55 - 01033335 _____ (Thisisu) C:\Users\Nigel\Desktop\JRT.exe
2013-10-27 09:21 - 2013-10-27 09:48 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-27 09:20 - 2013-10-27 09:48 - 00000000 ____D C:\Users\Nigel\Desktop\mbar
2013-10-27 09:20 - 2013-10-27 09:20 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-27 09:18 - 2013-10-27 09:19 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Nigel\Desktop\mbar-1.07.0.1007.exe
2013-10-26 15:24 - 2013-10-26 15:24 - 00003725 _____ C:\Users\Nigel\Desktop\RKreport[0]_S_10262013_162415.txt
2013-10-26 11:01 - 2013-10-26 11:01 - 00003692 _____ C:\Users\Nigel\Desktop\RKreport[0]_S_10262013_120152.txt
2013-10-26 11:00 - 2013-10-26 11:02 - 00000000 ____D C:\Users\Nigel\Desktop\RK_Quarantine
2013-10-26 10:57 - 2013-10-26 10:58 - 00000000 ____D C:\Program Files (x86)\ERUNT
2013-10-26 10:57 - 2013-10-26 10:57 - 00000920 _____ C:\Users\Sue\Desktop\NTREGOPT.lnk
2013-10-26 10:57 - 2013-10-26 10:57 - 00000920 _____ C:\Users\Nigel\Desktop\NTREGOPT.lnk
2013-10-26 10:57 - 2013-10-26 10:57 - 00000901 _____ C:\Users\Sue\Desktop\ERUNT.lnk
2013-10-26 10:57 - 2013-10-26 10:57 - 00000901 _____ C:\Users\Nigel\Desktop\ERUNT.lnk
2013-10-26 10:51 - 2013-10-26 10:53 - 00003768 _____ C:\Users\Nigel\Desktop\Rkill.txt
2013-10-26 08:27 - 2013-10-26 08:27 - 03997696 _____ C:\Users\Nigel\Desktop\RogueKillerX64.exe
2013-10-26 08:26 - 2013-10-26 08:26 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Nigel\Desktop\rkill.exe
2013-10-26 08:26 - 2013-10-26 08:26 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Nigel\Desktop\erunt-setup.exe
2013-10-25 22:14 - 2013-10-25 22:14 - 00022262 _____ C:\Users\Nigel\Desktop\dds.txt
2013-10-25 22:14 - 2013-10-25 22:14 - 00015635 _____ C:\Users\Nigel\Desktop\attach.txt
2013-10-25 22:04 - 2013-10-25 22:04 - 00688992 ____R (Swearware) C:\Users\Nigel\Desktop\dds.com
2013-10-24 13:44 - 2013-10-24 13:44 - 00000541 _____ C:\Windows\KB893803v2.log
2013-10-21 16:25 - 2013-09-04 12:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-21 16:25 - 2013-09-04 12:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-21 16:25 - 2013-09-04 12:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-21 16:25 - 2013-09-04 12:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-21 16:25 - 2013-09-04 12:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-21 16:25 - 2013-09-04 12:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-21 16:25 - 2013-09-04 12:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-16 14:27 - 2013-10-16 14:27 - 00007131 _____ C:\Users\Nigel\Downloads\LD0A2843.xmp
2013-10-16 14:24 - 2013-10-16 14:25 - 38835963 _____ C:\Users\Nigel\Downloads\LD0A2843.CR2
2013-10-14 09:05 - 2013-10-14 09:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-10-11 11:29 - 2013-09-22 23:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-11 11:29 - 2013-09-22 23:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-11 11:29 - 2013-09-22 23:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-11 11:29 - 2013-09-22 23:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-11 11:29 - 2013-09-22 23:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-11 11:29 - 2013-09-22 22:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-11 11:29 - 2013-09-22 22:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 11:29 - 2013-09-22 22:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 11:29 - 2013-09-22 22:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-11 11:29 - 2013-09-22 22:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-11 11:29 - 2013-09-22 22:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-11 11:29 - 2013-09-21 03:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 11:29 - 2013-09-21 03:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-11 11:29 - 2013-09-21 02:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-11 11:29 - 2013-09-21 02:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-11 11:28 - 2013-09-22 23:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-11 11:28 - 2013-09-22 23:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-11 11:28 - 2013-09-22 23:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-11 11:28 - 2013-09-22 23:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-11 11:28 - 2013-09-22 23:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-11 11:28 - 2013-09-22 23:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-11 11:28 - 2013-09-22 23:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-11 11:28 - 2013-09-22 23:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-11 11:28 - 2013-09-22 22:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 11:28 - 2013-09-22 22:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 11:28 - 2013-09-22 22:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 11:28 - 2013-09-22 22:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 11:28 - 2013-09-22 22:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 11:28 - 2013-09-22 22:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 11:28 - 2013-09-22 22:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 11:28 - 2013-09-22 22:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 09:18 - 2013-09-14 01:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-11 09:18 - 2013-09-08 02:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-11 09:18 - 2013-09-08 02:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-11 09:18 - 2013-09-08 02:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-11 09:18 - 2013-08-29 02:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-11 09:18 - 2013-08-29 02:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-11 09:18 - 2013-08-29 02:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-11 09:18 - 2013-08-29 02:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-11 09:18 - 2013-08-29 02:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-11 09:18 - 2013-08-29 01:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-11 09:18 - 2013-08-29 01:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-11 09:18 - 2013-08-29 01:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-11 09:18 - 2013-08-29 01:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-11 09:18 - 2013-08-29 01:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-11 09:18 - 2013-08-29 01:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-11 09:18 - 2013-08-29 00:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-11 09:18 - 2013-08-29 00:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-11 09:18 - 2013-08-29 00:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-11 09:18 - 2013-08-29 00:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-11 09:18 - 2013-08-28 01:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-11 09:18 - 2013-07-12 10:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-11 09:18 - 2013-07-12 10:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-11 09:18 - 2013-07-04 12:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-11 09:18 - 2013-07-04 12:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-11 09:18 - 2013-07-04 12:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-11 09:18 - 2013-07-04 11:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-11 09:18 - 2013-07-04 11:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-11 09:18 - 2013-07-04 11:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-11 09:18 - 2013-07-04 10:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-11 09:18 - 2013-07-03 04:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-11 09:18 - 2013-07-03 04:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-11 09:18 - 2013-07-03 04:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-11 09:18 - 2013-06-25 22:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-11 09:18 - 2013-06-06 05:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-11 09:18 - 2013-06-06 05:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-11 09:18 - 2013-06-06 05:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-11 09:18 - 2013-06-06 05:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-11 09:18 - 2013-06-06 04:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-11 09:18 - 2013-06-06 04:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-11 09:18 - 2013-06-06 04:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-11 09:18 - 2013-06-06 03:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-11 09:18 - 2013-06-06 03:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-11 09:18 - 2013-06-06 03:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-11 09:17 - 2013-08-28 01:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-11 09:17 - 2013-08-01 12:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-11 09:17 - 2013-07-20 10:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 09:17 - 2013-07-20 10:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 14:01 - 2013-10-09 14:01 - 00000644 _____ C:\Windows\PFRO.log
2013-10-05 13:23 - 2013-10-27 10:13 - 00000286 _____ C:\Windows\TWAIN.LOG
2013-10-05 13:21 - 2013-10-27 10:12 - 00004816 _____ C:\Windows\setupact.log
2013-10-05 13:21 - 2013-10-05 13:21 - 00000000 _____ C:\Windows\setuperr.log
2013-10-01 15:38 - 2013-10-01 15:39 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-01 15:38 - 2013-10-01 15:39 - 00000000 ____D C:\Program Files\iTunes
2013-10-01 15:38 - 2013-10-01 15:39 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-01 15:38 - 2013-10-01 15:38 - 00000000 ____D C:\Program Files\iPod

==================== One Month Modified Files and Folders =======

2013-10-27 11:54 - 2013-10-27 11:54 - 00000000 ____D C:\FRST
2013-10-27 11:52 - 2013-10-27 11:52 - 01956160 _____ (Farbar) C:\Users\Nigel\Desktop\FRST64.exe
2013-10-27 11:34 - 2011-08-20 21:25 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-27 11:33 - 2012-10-22 08:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-27 10:31 - 2013-09-18 09:02 - 01937578 _____ C:\Windows\WindowsUpdate.log
2013-10-27 10:29 - 2013-10-27 10:29 - 02347384 _____ (ESET) C:\Users\Nigel\Downloads\esetsmartinstaller_enu.exe
2013-10-27 10:29 - 2013-10-27 10:29 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-27 10:21 - 2009-07-14 04:45 - 00015344 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-27 10:21 - 2009-07-14 04:45 - 00015344 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-27 10:19 - 2009-07-14 05:13 - 00787914 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-27 10:14 - 2012-02-09 19:10 - 00000000 ___RD C:\Users\Nigel\Dropbox
2013-10-27 10:14 - 2012-02-09 19:06 - 00000000 ____D C:\Users\Nigel\AppData\Roaming\Dropbox
2013-10-27 10:14 - 2009-12-12 18:16 - 00000000 ____D C:\Users\Nigel\AppData\Local\Adobe
2013-10-27 10:13 - 2013-10-05 13:23 - 00000286 _____ C:\Windows\TWAIN.LOG
2013-10-27 10:13 - 2012-12-07 17:25 - 00000156 _____ C:\Windows\Twunk001.MTX
2013-10-27 10:13 - 2012-12-07 17:25 - 00000005 _____ C:\Windows\Twain001.Mtx
2013-10-27 10:12 - 2013-10-05 13:21 - 00004816 _____ C:\Windows\setupact.log
2013-10-27 10:12 - 2011-08-20 21:25 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-27 10:12 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-27 10:09 - 2013-10-27 10:06 - 00000000 ____D C:\AdwCleaner
2013-10-27 10:03 - 2013-10-27 10:03 - 00003687 _____ C:\Users\Nigel\Desktop\JRT.txt
2013-10-27 09:58 - 2013-10-27 09:58 - 00000000 ____D C:\Windows\ERUNT
2013-10-27 09:56 - 2013-10-27 09:56 - 01060070 _____ C:\Users\Nigel\Desktop\AdwCleaner.exe
2013-10-27 09:55 - 2013-10-27 09:55 - 01033335 _____ (Thisisu) C:\Users\Nigel\Desktop\JRT.exe
2013-10-27 09:48 - 2013-10-27 09:21 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-27 09:48 - 2013-10-27 09:20 - 00000000 ____D C:\Users\Nigel\Desktop\mbar
2013-10-27 09:20 - 2013-10-27 09:20 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-27 09:19 - 2013-10-27 09:18 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Nigel\Desktop\mbar-1.07.0.1007.exe
2013-10-26 15:24 - 2013-10-26 15:24 - 00003725 _____ C:\Users\Nigel\Desktop\RKreport[0]_S_10262013_162415.txt
2013-10-26 11:02 - 2013-10-26 11:00 - 00000000 ____D C:\Users\Nigel\Desktop\RK_Quarantine
2013-10-26 11:01 - 2013-10-26 11:01 - 00003692 _____ C:\Users\Nigel\Desktop\RKreport[0]_S_10262013_120152.txt
2013-10-26 10:59 - 2012-03-26 12:19 - 00000000 ____D C:\Windows\ERDNT
2013-10-26 10:58 - 2013-10-26 10:57 - 00000000 ____D C:\Program Files (x86)\ERUNT
2013-10-26 10:57 - 2013-10-26 10:57 - 00000920 _____ C:\Users\Sue\Desktop\NTREGOPT.lnk
2013-10-26 10:57 - 2013-10-26 10:57 - 00000920 _____ C:\Users\Nigel\Desktop\NTREGOPT.lnk
2013-10-26 10:57 - 2013-10-26 10:57 - 00000901 _____ C:\Users\Sue\Desktop\ERUNT.lnk
2013-10-26 10:57 - 2013-10-26 10:57 - 00000901 _____ C:\Users\Nigel\Desktop\ERUNT.lnk
2013-10-26 10:53 - 2013-10-26 10:51 - 00003768 _____ C:\Users\Nigel\Desktop\Rkill.txt
2013-10-26 08:27 - 2013-10-26 08:27 - 03997696 _____ C:\Users\Nigel\Desktop\RogueKillerX64.exe
2013-10-26 08:26 - 2013-10-26 08:26 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Nigel\Desktop\rkill.exe
2013-10-26 08:26 - 2013-10-26 08:26 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Nigel\Desktop\erunt-setup.exe
2013-10-25 22:14 - 2013-10-25 22:14 - 00022262 _____ C:\Users\Nigel\Desktop\dds.txt
2013-10-25 22:14 - 2013-10-25 22:14 - 00015635 _____ C:\Users\Nigel\Desktop\attach.txt
2013-10-25 22:04 - 2013-10-25 22:04 - 00688992 ____R (Swearware) C:\Users\Nigel\Desktop\dds.com
2013-10-25 16:48 - 2013-06-24 09:57 - 00020585 _____ C:\Users\Nigel\Documents\DropboxExport.log
2013-10-25 15:55 - 2010-03-03 18:54 - 00017276 _____ C:\Users\Nigel\Documents\Pension projections v1.xlsx
2013-10-24 13:44 - 2013-10-24 13:44 - 00000541 _____ C:\Windows\KB893803v2.log
2013-10-24 12:44 - 2013-08-19 08:10 - 00000000 ____D C:\Users\Nigel\Documents\WORK
2013-10-23 15:32 - 2012-12-23 14:53 - 00001456 _____ C:\Users\Nigel\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-10-22 09:02 - 2009-12-12 16:00 - 00000000 ___RD C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-21 20:18 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-21 15:32 - 2009-07-14 05:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-20 11:14 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2013-10-18 14:17 - 2009-07-14 02:34 - 00449845 ____R C:\Windows\system32\Drivers\etc\hosts.20131024-215855.backup
2013-10-16 20:30 - 2009-07-14 02:34 - 00449845 ____R C:\Windows\system32\Drivers\etc\hosts.20131018-151719.backup
2013-10-16 16:24 - 2013-03-02 13:05 - 00001945 _____ C:\Windows\epplauncher.mif
2013-10-16 16:24 - 2013-03-02 13:05 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-16 16:24 - 2013-03-02 13:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-10-16 14:27 - 2013-10-16 14:27 - 00007131 _____ C:\Users\Nigel\Downloads\LD0A2843.xmp
2013-10-16 14:25 - 2013-10-16 14:24 - 38835963 _____ C:\Users\Nigel\Downloads\LD0A2843.CR2
2013-10-16 11:58 - 2010-03-03 18:54 - 00023694 _____ C:\Users\Nigel\Documents\MUSICIANS ACCOUNTS vi.xlsx
2013-10-16 11:42 - 2012-05-07 20:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-14 09:05 - 2013-10-14 09:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-10-11 16:29 - 2011-08-20 21:25 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-11 16:29 - 2011-08-20 21:25 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-11 14:44 - 2009-10-30 00:38 - 00000000 ____D C:\Windows\Panther
2013-10-11 14:43 - 2009-07-14 04:45 - 05217384 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 11:30 - 2010-02-19 09:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-11 11:27 - 2012-05-17 09:16 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 11:27 - 2012-05-17 09:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 11:26 - 2011-07-27 10:31 - 00773382 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-11 11:21 - 2013-08-14 16:29 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 11:19 - 2009-10-29 16:48 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-09 14:01 - 2013-10-09 14:01 - 00000644 _____ C:\Windows\PFRO.log
2013-10-08 17:37 - 2012-10-22 08:28 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 17:37 - 2012-04-25 14:24 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-08 17:37 - 2011-05-13 15:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-08 11:26 - 2009-07-14 02:34 - 00449839 ____R C:\Windows\system32\Drivers\etc\hosts.20131016-213023.backup
2013-10-05 13:21 - 2013-10-05 13:21 - 00000000 _____ C:\Windows\setuperr.log
2013-10-05 11:38 - 2011-10-07 16:52 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-10-03 17:47 - 2009-07-14 02:34 - 00449839 ____R C:\Windows\system32\Drivers\etc\hosts.20131008-122654.backup
2013-10-01 15:39 - 2013-10-01 15:38 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-01 15:39 - 2013-10-01 15:38 - 00000000 ____D C:\Program Files\iTunes
2013-10-01 15:39 - 2013-10-01 15:38 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-01 15:38 - 2013-10-01 15:38 - 00000000 ____D C:\Program Files\iPod

Some content of TEMP:
====================
C:\Users\Nigel\AppData\Local\Temp\HeliconFocus.exe
C:\Users\Nigel\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Nigel\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-24 08:35

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2013 01
Ran by Nigel at 2013-10-27 11:56:08
Running from C:\Users\Nigel\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32)
3DMark06 (x32 Version: 1.1.0)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.00.631.5823)
Adobe AIR (x32 Version: 3.7.0.1860)
Adobe Color Common Settings (x32 Version: 1.0.1)
Adobe Color Video Profiles CS CS4 (x32 Version: 2.0)
Adobe Download Assistant (x32 Version: 1.0.6)
Adobe ExtendScript Toolkit 2 (x32 Version: 2.0.2)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Help Center 1.0 (x32 Version: 001.000.000)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Illustrator CS6 (x32 Version: 16.0)
Adobe Media Player (x32 Version: 0.0.0)
Adobe Media Player (x32 Version: 1.1)
Adobe Photoshop CS5.1 (x32 Version: 12.1)
Adobe Photoshop CS6 (x32 Version: 13.0)
Adobe Photoshop Lightroom 4.4 64-bit (Version: 4.4.1)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
Adobe Setup (x32 Version: 1.0)
Adobe Setup (x32 Version: 2.0)
AdobeColorCommonSetRGB (x32 Version: 2.0)
Akamai NetSession Interface (HKCU)
AMD Accelerated Video Transcoding (Version: 12.5.100.21116)
AMD APP SDK Runtime (Version: 10.0.937.2)
AMD Catalyst Install Manager (Version: 8.0.877.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.71116.1554)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
ATI Catalyst Registration (x32 Version: 2.01.0000)
Belkin 54Mbps Wireless Network Adapter (x32 Version: 3.00.07)
Bonjour (Version: 3.0.0.10)
Canon DIGITAL CAMERA Solution Disk Software Guide (x32 Version: 1.0.1.2)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.7.2.11)
Canon Internet Library for ZoomBrowser EX (x32 Version: 1.6.3.9)
Canon MOV Decoder (x32 Version: 1.5.0.7)
Canon MOV Encoder (x32 Version: 1.3.1.3)
Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.4.1.9)
Canon Personal Printing Guide (x32 Version: 1.0.0.1)
Canon Utilities CameraWindow (x32 Version: 7.4.0.7)
Canon Utilities CameraWindow DC (x32 Version: 7.4.1.10)
Canon Utilities CameraWindow DC 8 (x32 Version: 8.1.0.11)
Canon Utilities Digital Photo Professional (x32 Version: 3.13.0.1)
Canon Utilities EOS Utility (x32 Version: 2.10.2.0)
Canon Utilities MyCamera (x32 Version: 7.3.0.5)
Canon Utilities PhotoStitch (x32 Version: 3.1.22.46)
Canon Utilities Picture Style Editor (x32 Version: 1.7.0.0)
Canon Utilities WFT Utility (x32 Version: 3.5.1.1)
Canon Utilities ZoomBrowser EX (x32 Version: 6.5.1.15)
Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.3.0.4)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.1116.1515.27190)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1116.1515.27190)
Catalyst Control Center InstallProxy (x32 Version: 2009.0925.1707.28889)
Catalyst Control Center Localization All (x32 Version: 2012.1116.1515.27190)
CCC Help Chinese Standard (x32 Version: 2012.1116.1514.27190)
CCC Help Chinese Traditional (x32 Version: 2012.1116.1514.27190)
CCC Help Czech (x32 Version: 2012.1116.1514.27190)
CCC Help Danish (x32 Version: 2012.1116.1514.27190)
CCC Help Dutch (x32 Version: 2012.1116.1514.27190)
CCC Help English (x32 Version: 2012.1116.1514.27190)
CCC Help Finnish (x32 Version: 2012.1116.1514.27190)
CCC Help French (x32 Version: 2012.1116.1514.27190)
CCC Help German (x32 Version: 2012.1116.1514.27190)
CCC Help Greek (x32 Version: 2012.1116.1514.27190)
CCC Help Hungarian (x32 Version: 2012.1116.1514.27190)
CCC Help Italian (x32 Version: 2012.1116.1514.27190)
CCC Help Japanese (x32 Version: 2012.1116.1514.27190)
CCC Help Korean (x32 Version: 2012.1116.1514.27190)
CCC Help Norwegian (x32 Version: 2012.1116.1514.27190)
CCC Help Polish (x32 Version: 2012.1116.1514.27190)
CCC Help Portuguese (x32 Version: 2012.1116.1514.27190)
CCC Help Russian (x32 Version: 2012.1116.1514.27190)
CCC Help Spanish (x32 Version: 2012.1116.1514.27190)
CCC Help Swedish (x32 Version: 2012.1116.1514.27190)
CCC Help Thai (x32 Version: 2012.1116.1514.27190)
CCC Help Turkish (x32 Version: 2012.1116.1514.27190)
ccc-utility64 (Version: 2012.1116.1515.27190)
CCleaner (Version: 4.05)
Citrix XenApp Web Plugin (x32 Version: 11.0.0.5357)
Download Navigator (x32 Version: 3.4.1)
Dropbox (HKCU Version: 2.0.22)
Dropbox Export Plug-in version 1.6.0 for Adobe Lightroom (x32 Version: 1.6)
Epson Connect Guide (x32)
Epson Easy Photo Print 2 (x32 Version: 2.4.0.0)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (x32 Version: 1.00.0000)
Epson Event Manager (x32 Version: 3.01.0007)
Epson Network Guide XP-750 Series (x32)
EPSON Scan (x32)
Epson User's Guide XP-750 Series (x32)
EPSON XP-750 Series Printer Uninstall
EpsonNet Print (x32 Version: 2.5.00)
eReg (x32 Version: 1.20.138.34)
ERUNT 1.1j (x32)
Eye-One Diagnostics (x32)
Eye-One Match 3.6.2 (x32 Version: 3.6.2)
Eye-One Share (x32)
FastPictureViewer Codec Pack 3.1 (x32 Version: 3.1.0.47)
Google Earth (x32 Version: 7.1.1.1888)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
Google Update Helper (x32 Version: 1.3.21.165)
Helicon Focus 5.3.14 (x32)
HiJackThis (x32 Version: 1.0.0)
HijackThis 2.0.2 (x32 Version: 2.0.2)
HydraVision (x32 Version: 4.2.234.0)
i1_driver_installer_utility_i1Match version 1.0 (x32)
inSSIDer (x32 Version: 2.1.5)
iTunes (Version: 11.1.0.126)
Logitech SetPoint 6.32 (Version: 6.32.20)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Camera Codec Pack (Version: 16.4.1734.1104)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft Corporation (x32 Version: 9.1.0.0)
Microsoft LifeCam (Version: 3.22.270.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Outlook Personal Folders Backup (x32 Version: 1.10.0.0)
Microsoft Security Client (Version: 4.3.0219.0)
Microsoft Security Essentials (Version: 4.3.219.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Works 6-9 Converter (x32 Version: 9.7.0621)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 24.0 (x86 en-US) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0.1)
Mozilla Thunderbird 24.0.1 (x86 en-US) (x32 Version: 24.0.1)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Neuratron PhotoScore Lite (x32 Version: 5.5.1)
Noise Ninja 2 (Standalone Version) (x32)
Opanda IExif 2.3 (x32 Version: 2.3)
PDF Settings CS6 (x32 Version: 11.0)
PDFCreator (x32 Version: 1.2.0)
Photomatix Pro version 4.0.2 (Version: 4.0.2)
Photomatix Pro version 4.1.4 (Version: 4.1.4)
PhotoTools 2.5 (x32 Version: 2.5)
Pixel Bender Toolkit (x32 Version: 1.5)
QuickTime (x32 Version: 7.74.80.86)
Rapport (x32 Version: 3.5.1302.61)
RescuePRO 3.4.0.34 (x32)
Revo Uninstaller Pro 3.0.7 (Version: 3.0.7)
Sibelius 5 (x32 Version: 5.2.0)
Sibelius Scorch (all browsers) (x32 Version: 5.2.1)
Sibelius Scorch (Firefox, Opera, Netscape only) (x32 Version: 6.1.5)
Sibelius Sounds Essentials (x32)
Spelling Dictionaries Support For Adobe Reader 9 (x32 Version: 9.0.0)
The Photographer's Ephemeris (x32 Version: 1.1.1)
Tom Clancy's Splinter Cell Conviction (x32 Version: 1.04.000)
Tone Mapping Plug-In 2.1 64-bit (Version: 2.1)
Tone Mapping Plug-In 2.2 64-bit (Version: 2.2)
Topaz Adjust 5 (64-bit) (x32 Version: 5.0.0)
Topaz Adjust 5 (x32 Version: 5.0.0)
Topaz B&W Effects (64-bit) (Version: 1.1.0)
Topaz B&W Effects (64-bit) (x32 Version: 1.1.0)
Topaz B&W Effects (x32 Version: 1.1.0)
Topaz Clean 3 (64-bit) (Version: 3.0.2)
Topaz Clean 3 (64-bit) (x32 Version: 3.0.2)
Topaz Clean 3 (x32 Version: 3.0.2)
Topaz DeJpeg 4 (64-bit) (Version: 4.0.2)
Topaz DeJpeg 4 (64-bit) (x32 Version: 4.0.2)
Topaz DeJpeg 4 (x32 Version: 4.0.2)
Topaz DeNoise 5 (64-bit) (Version: 5.0.1)
Topaz DeNoise 5 (64-bit) (x32 Version: 5.0.1)
Topaz DeNoise 5 (x32 Version: 5.0.1)
Topaz Detail 2 (64-bit) (Version: 2.0.5)
Topaz Detail 2 (64-bit) (x32 Version: 2.0.5)
Topaz Detail 2 (x32 Version: 2.0.5)
Topaz Detail 3 (x32 Version: 3.1.0)
Topaz Fusion Express 2 (64-bit) (Version: 2.1.1)
Topaz Fusion Express 2 (64-bit) (x32 Version: 2.1.1)
Topaz Fusion Express 2 (x32 Version: 2.1.1)
Topaz Fusion Express 2 (x32 Version: 2.1.3)
Topaz InFocus (64-bit) (Version: 1.0.0)
Topaz InFocus (64-bit) (x32 Version: 1.0.0)
Topaz InFocus (x32 Version: 1.0.0)
Topaz Lens Effects (64-bit) (Version: 1.2.0)
Topaz Lens Effects (64-bit) (x32 Version: 1.2.0)
Topaz Lens Effects (x32 Version: 1.2.0)
Topaz ReMask 3 (64-bit) (Version: 3.2.1)
Topaz ReMask 3 (64-bit) (x32 Version: 3.2.1)
Topaz ReMask 3 (x32 Version: 3.2.1)
Topaz Simplify 3 (64-bit) (Version: 3.0.2)
Topaz Simplify 3 (64-bit) (x32 Version: 3.0.2)
Topaz Simplify 3 (x32 Version: 3.0.2)
True Image 2013 (x32 Version: 16.0.6514)
Trusteer Endpoint Protection (x32 Version: 3.5.1302.61)
Ubisoft Game Launcher (x32 Version: 1.0.0.0)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
Wacom Tablet (Version: 6.3.2-3)
WebTablet FB Plugin 32 bit (x32 Version: 2.1.0.1)
WebTablet FB Plugin 64 bit (Version: 2.1.0.1)
WebTablet IE Plugin (x32 Version: 1.1.0.12)
WebTablet Netscape Plugin (x32 Version: 1.1.0.10)
WinZip (x32 Version:  9.0 SR-1 (6224))

==================== Restore Points  =========================

16-10-2013 11:54:47 Windows Update
16-10-2013 16:23:28 Windows Update
19-10-2013 16:56:33 Windows Update
21-10-2013 17:39:15 Windows Update
25-10-2013 14:55:08 Windows Update
27-10-2013 11:48:29 Revo Uninstaller Pro's restore point - Spybot - Search & Destroy

==================== Hosts content: ==========================

2009-07-14 02:34 - 2013-10-24 20:58 - 00449863 ___RA C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    www.10sek.com
127.0.0.1    10sek.com
127.0.0.1    www.1-2005-search.com
127.0.0.1    1-2005-search.com
127.0.0.1    www.123fporn.info
127.0.0.1    123fporn.info
127.0.0.1    123haustiereundmehr.com
127.0.0.1    www.123haustiereundmehr.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {33BE50A7-1E3A-49C3-BBC7-7F76350265CB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {478D2D54-532F-4B20-B04B-67B4C9BFA3FE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4ED92474-2D71-4030-91F8-18FA710B77A3} - System32\Tasks\AdobeAAMUpdater-1.0-Admin-PC-Nigel => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {563710FE-C824-445B-819C-E4B08B8AC34C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-20] (Google Inc.)
Task: {A0DAADDF-1EA1-4240-8E4B-E6462EB8D212} - System32\Tasks\{93CD97D0-EDC0-4DF8-96B9-4F92431738B6} => C:\Windows\System32\msiexec.exe [2010-11-20] (Microsoft Corporation)
Task: {E2C749F3-CA5B-43AE-A606-3B5494D06DF9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-20] (Google Inc.)
Task: {E67B1862-BEC1-4AC8-A6A0-5EC16E2531BE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-08-13 17:13 - 2012-05-30 09:29 - 01184672 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2013-03-27 21:39 - 2013-03-27 21:39 - 00021824 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\x64\ti_managers_proxy_stub.dll
2011-10-07 09:39 - 2011-10-07 09:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2012-12-22 14:44 - 2013-09-17 20:47 - 00991984 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2012-06-27 14:09 - 2012-06-27 14:09 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-03-13 20:48 - 2013-03-13 20:48 - 24978944 _____ () C:\Users\Nigel\AppData\Roaming\Dropbox\bin\libcef.dll
2013-03-28 00:42 - 2013-03-28 00:42 - 13606944 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
2013-01-10 12:43 - 2013-01-10 12:43 - 00014360 _____ () C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll
2013-09-19 10:28 - 2013-09-19 10:28 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-03-27 21:09 - 2013-03-27 21:09 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2013-03-27 21:36 - 2013-03-27 21:36 - 00021312 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:5A775C3F
AlternateDataStreams: C:\Users\Nigel\AppData\Local\desktop.ini:3a96398c0f384e4adf5faa1736aeaf96

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\55804799.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\55804799.sys => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/27/2013 11:53:07 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/27/2013 11:48:28 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d1133d7d-c4fd-4511-ac95-27b17f00ec45}

Error: (10/27/2013 10:29:53 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2012-03-26 13:32:18.036
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\notepad5\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-03-26 13:32:18.005
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\notepad5\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2010-01-16 12:41:25.890
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SeqCal.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2010-01-16 12:41:25.888
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SeqCal.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2010-01-16 12:31:52.223
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SeqCal.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2010-01-16 12:31:52.223
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SeqCal.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2010-01-16 12:28:25.558
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SeqCal.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2010-01-16 12:28:25.558
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SeqCal.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2010-01-16 12:26:19.289
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SeqCal.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2010-01-16 12:26:19.274
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SeqCal.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 8183.05 MB
Available physical RAM: 4772.65 MB
Total Pagefile: 16364.29 MB
Available Pagefile: 13037.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:108.42 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:465.76 GB) (Free:263.28 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 8A851357)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 4EE22015)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

Look forward to receiving your advice and instructions thanks very much.

Link to post
Share on other sites

  • Root Admin

This is not good to see.  We may have to investigate that further if it continues  We'll also run a disk check and reset the browsers after this.

 

 

Error: (10/27/2013 11:48:28 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

 

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

fixlist.txt

Link to post
Share on other sites

Here's the log but something strange happened when I re-opened my Firefox browser to copy the log to you. it only opened 1/2 size instead of full size on the screen.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-10-2013
Ran by Nigel at 2013-10-28 08:04:53 Run:1
Running from C:\Users\Nigel\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
DeleteJunctionsInDirectory: C:\Program Files\Windows Defender
DeleteJunctionsInDirectory: C:\Program Files\Microsoft Security Client
HKU\Sue\...\Run: [EPSON PX710W Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFSE.EXE /FU "C:\Windows\TEMP\E_S4A2A.tmp" /EF "HKCU"
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://download.eset...lineScanner.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Extension: ????????? ????????? Logitech - C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\29h7qu80.default\Extensions\DeviceDetection@logitech.com
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
C:\Users\Nigel\AppData\Local\Temp\HeliconFocus.exe
C:\Users\Nigel\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Nigel\AppData\Local\Temp\Quarantine.exe
Task: {563710FE-C824-445B-819C-E4B08B8AC34C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-20] (Google Inc.)
Task: {E2C749F3-CA5B-43AE-A606-3B5494D06DF9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-20] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:5A775C3F
AlternateDataStreams: C:\Users\Nigel\AppData\Local\desktop.ini:3a96398c0f384e4adf5faa1736aeaf96

*****************

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.
HKU\Sue\Software\Microsoft\Windows\CurrentVersion\Run\\EPSON PX710W Series => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully.
HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5} => Key deleted successfully.
HKCR\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5} => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.9.2 => Key deleted successfully.
C:\Windows\SysWOW64\npDeployJava1.dll => Moved successfully.
C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\29h7qu80.default\Extensions\DeviceDetection@logitech.com => Moved successfully.
C:\Windows\SysWOW64\npDeployJava1.dll not found.
C:\Users\Nigel\AppData\Local\Temp\HeliconFocus.exe => Moved successfully.
C:\Users\Nigel\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
C:\Users\Nigel\AppData\Local\Temp\Quarantine.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{563710FE-C824-445B-819C-E4B08B8AC34C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{563710FE-C824-445B-819C-E4B08B8AC34C} => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E2C749F3-CA5B-43AE-A606-3B5494D06DF9} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2C749F3-CA5B-43AE-A606-3B5494D06DF9} => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => Key deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
"C:\Windows" => ":nlsPreferences" ADS not found.
C:\ProgramData\TEMP => ":5A775C3F" ADS removed successfully.
C:\Users\Nigel\AppData\Local\desktop.ini => ":3a96398c0f384e4adf5faa1736aeaf96" ADS removed successfully.


The system needs a manual reboot.

==== End of Fixlog ====

Link to post
Share on other sites

  • Root Admin

No it does not say it restarted it says you need to restart.  Please go ahead and restart the computer and run the following.

 

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

Then restart the computer again and let me know how the computer is running now.

Link to post
Share on other sites

  • Root Admin

Please run a Full Disk Check on your system drive.  If needed here are some links on how to run a Disk Check.

On Windows 7 the disk check log is in the Event Logs under Application with a heading source of  Wininit

How to Run Disk Check in Windows 7

How to Run Check Disk at Startup in Vista or Windows 7

How to Read the Event Viewer Log for Check Disk (chkdsk) in Vista, Windows 7, and Windows 8
 

Please open Event Viewer and click the small copy icon and post back the log from the disk check here on your next reply.

 

 

 

Then after a reboot and completion of the disk check please do the following

 

Please visit each of the following sites and lets reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome
Chrome - Reset browser settings

Opera
How to Perform a (really) clean Reinstall of Opera
 
 
 

Link to post
Share on other sites

Hi Ron

 

Longwinded checking and fixing so here's the log file for drive "C" - I'm just running through my other hard drive and will post back. Just one question - I back up to a separate hard drive - how should I approach that?

 


TimeCreated : 28/10/2013 21:13:41
Message     :
              
              Checking file system on C:
              The type of the file system is NTFS.
              
              A disk check has been scheduled.
              Windows will now check the disk.                         
              
              CHKDSK is verifying files (stage 1 of 5)...
                352256 file records processed.                                 
                      
              File verification completed.
                1552 large file records processed.                             
                    
                0 bad file records processed.                                  
                 
                2 EA records processed.                                        
                 
                59 reparse records processed.                                  
                  
              CHKDSK is verifying indexes (stage 2 of 5)...
                458520 index entries processed.                                
                      
              Index verification completed.
                0 unindexed files scanned.                                     
                 
                0 unindexed files recovered.                                   
                 
              CHKDSK is verifying security descriptors (stage 3 of 5)...
                352256 file SDs/SIDs processed.                                
                      
              Cleaning up 1085 unused index entries from index $SII of file 0x9
              .
              Cleaning up 1085 unused index entries from index $SDH of file 0x9
              .
              Cleaning up 1085 unused security descriptors.
              Security descriptor verification completed.
                53133 data files processed.                                    
                     
              CHKDSK is verifying Usn Journal...
                33790640 USN bytes processed.                                  
                        
              Usn Journal verification completed.
              CHKDSK is verifying file data (stage 4 of 5)...
                352240 files processed.                                        
                      
              File data verification completed.
              CHKDSK is verifying free space (stage 5 of 5)...
                28438328 free clusters processed.                              
                        
              Free space verification is complete.
              Windows has checked the file system and found no problems.
              
               488282111 KB total disk space.
               373889028 KB in 249862 files.
                  170736 KB in 53134 indexes.
                       0 KB in bad sectors.
                  469031 KB in use by the system.
                   65536 KB occupied by the log file.
               113753316 KB available on disk.
              
                    4096 bytes in each allocation unit.
               122070527 total allocation units on disk.
                28438329 allocation units available on disk.
              
              Internal Info:
              00 60 05 00 9d 9f 04 00 09 58 08 00 00 00 00 00  .`.......X......
              2b 68 00 00 3b 00 00 00 00 00 00 00 00 00 00 00  +h..;...........
              00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
              
              Windows has finished checking your disk.
              Please wait while your computer restarts.
              


 

Link to post
Share on other sites

  • Root Admin

The best option for backups in my opinion is LTO-3,4,or 5 tapes but unfortunately that is just way too cost prohibitive for the home users including myself.  The next best thing is to backup to an external USB hard drive.  However I highly recommend that you do not leave the drive connected all the time.  Only have the drive connected when you're actually backing up your data and when done disconnect it.  The reason being is that if your computer were to get infected and the backup drive is connected it too can be infected up to and including possibly deleting or encrypting your data.  Never connect the backup drive to the computer if you ever suspect that it might be infected until you've ascertained for sure that the computer is clean from an infection.
 
How is the computer running now?
Are there still any signs of an infection?

 
 
Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
Link to post
Share on other sites

Still running 2nd internal hard drive disk check Ron. My back up disk is external USB and it is never connected other than for back up via Acronis. Should I wipe all the back ups off it and run a disk check or how should I proceed with it before I run the Security check?

 

Also, is there anything we need to be aware of concerning this entry you mentioned ([V2][sUSP PATH] {93CD97D0-EDC0-4DF8-96B9-4F92431738B6} : msiexec.exe - /package "C:\Users\Admin\Desktop\Adapter.msi" [x][x] ->)

 

or this item you were worried about - thanks again for your help

 

Quote

Error: (10/27/2013 11:48:28 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Link to post
Share on other sites

I ran checkdisk on my 2nd drive and the log came back clean. I can't locate the log to send to you though. It is my "E" drive. The "Find" option is not available in the event viewer when I search for it.

 

I've reset my Firefox browser and just about to do IE, I don't use Chrome.

 

As soon as I've done this, I'll run the security check.

Link to post
Share on other sites

I couldn't download from either of the two sites you gave links to so downloaded from Bleeping computer and here is the log :-

 

 

Results of screen317's Security Check version 0.99.74  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 Out of date HijackThis  installed!
 Malwarebytes Anti-Malware version 1.75.0.1300  
 HijackThis 2.0.2    
 Adobe Flash Player 11.9.900.117  
 Adobe Reader 9  
 Adobe Reader XI  
 Mozilla Firefox (Firefox,. Firefox out of Date!  
 Mozilla Thunderbird (24.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 

Link to post
Share on other sites

  • Root Admin

No your backup drive should be just fine. No need to do anything with it unless you're somehow having trouble accessing the data.

I think we're actually just about done here but let me have you run this scanner one more time. I'm heading out and will be out most of the night but will check back with you once I get back in.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Link to post
Share on other sites

Thanks Ron - FRST.txt log below.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-10-2013
Ran by Nigel (administrator) on ADMIN-PC on 29-10-2013 08:51:20
Running from C:\Users\Nigel\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Nalpeiron Ltd.) C:\Windows\system32\nlsInterface.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Dropbox, Inc.) C:\Users\Nigel\AppData\Roaming\Dropbox\bin\Dropbox.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [516960 2013-02-15] (Acronis)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6366264 2013-03-28] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] - C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103440 2013-01-10] (Acronis)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073352 2012-06-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
Startup: C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Nigel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{86CAA214-65E8-4352-B03D-396AF9D236C8}: [NameServer]8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\w24mgqft.default-1383000727538
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.1 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.1 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

Chrome:
=======


CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Windows Genuine Advantage) - C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (ScorchPlugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPSibelius.dll ()
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (WacomTabletPlugin) - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1
CHR Extension: (Google Search) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1
CHR Extension: (avast! WebRep) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0
CHR Extension: (Gmail) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
R2 nlscc; C:\Windows\system32\nlsInterface.exe [72192 2010-11-01] (Nalpeiron Ltd.)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2013-10-17] (Trusteer Ltd.)

==================== Drivers (Whitelisted) ====================

S3 ENTECH64; C:\Windows\system32\DRIVERS\ENTECH64.sys [12744 2007-08-20] (EnTech Taiwan)
S3 ENTECH64; C:\Windows\SysWow64\DRIVERS\ENTECH64.sys [5632 2004-06-22] (EnTech Taiwan)
S3 EyeOneDisplay; C:\Windows\System32\Drivers\i1display_x64.sys [7808 2005-12-14] (GretagMacbeth LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 PCAMp50a64; C:\Windows\System32\Drivers\PCAMp50a64.sys [43328 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-10-28] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [284176 2013-10-17] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [317808 2013-10-17] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [317808 2013-10-17] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [399312 2013-10-17] (Trusteer Ltd.)
S3 SeqCal; C:\Windows\System32\DRIVERS\SeqCal.sys [7808 2006-05-18] (GretagMacbeth LLC)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-04-15] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2013-04-15] (Acronis)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2013-04-15] (Acronis International GmbH)
S3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2x.sys [560128 2009-01-13] (Atheros Communications, Inc.)
S4 tsusbhub; system32\drivers\tsusbhub.sys [x]
S4 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-29 08:50 - 2013-10-29 08:50 - 01956538 _____ (Farbar) C:\Users\Nigel\Desktop\FRST64.exe
2013-10-28 23:08 - 2013-10-28 23:08 - 00891167 _____ C:\Users\Nigel\Desktop\SecurityCheck.exe
2013-10-28 23:00 - 2013-10-28 23:00 - 00659968 _____ C:\Users\Nigel\Desktop\MicrosoftFixit50195.msi
2013-10-28 22:52 - 2013-10-28 22:52 - 00000000 ____D C:\Users\Nigel\Documents\Old Firefox Data
2013-10-28 21:20 - 2013-10-28 21:20 - 00007302 _____ C:\Users\Nigel\Desktop\CHKDSKResults.txt
2013-10-28 21:12 - 2013-10-28 21:12 - 00003528 ____N C:\bootsqm.dat
2013-10-28 16:37 - 2013-10-28 16:37 - 00448512 _____ (OldTimer Tools) C:\Users\Nigel\Desktop\TFC.exe
2013-10-27 11:54 - 2013-10-28 08:04 - 00000000 ____D C:\FRST
2013-10-27 10:29 - 2013-10-27 10:29 - 02347384 _____ (ESET) C:\Users\Nigel\Downloads\esetsmartinstaller_enu.exe
2013-10-27 10:06 - 2013-10-27 10:09 - 00000000 ____D C:\AdwCleaner
2013-10-27 10:03 - 2013-10-27 10:03 - 00003687 _____ C:\Users\Nigel\Desktop\JRT.txt
2013-10-27 09:58 - 2013-10-27 09:58 - 00000000 ____D C:\Windows\ERUNT
2013-10-27 09:56 - 2013-10-27 09:56 - 01060070 _____ C:\Users\Nigel\Desktop\AdwCleaner.exe
2013-10-27 09:55 - 2013-10-27 09:55 - 01033335 _____ (Thisisu) C:\Users\Nigel\Desktop\JRT.exe
2013-10-27 09:21 - 2013-10-27 09:48 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-27 09:20 - 2013-10-27 09:48 - 00000000 ____D C:\Users\Nigel\Desktop\mbar
2013-10-27 09:20 - 2013-10-27 09:20 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-27 09:18 - 2013-10-27 09:19 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Nigel\Desktop\mbar-1.07.0.1007.exe
2013-10-26 15:24 - 2013-10-26 15:24 - 00003725 _____ C:\Users\Nigel\Desktop\RKreport[0]_S_10262013_162415.txt
2013-10-26 11:01 - 2013-10-26 11:01 - 00003692 _____ C:\Users\Nigel\Desktop\RKreport[0]_S_10262013_120152.txt
2013-10-26 11:00 - 2013-10-26 11:02 - 00000000 ____D C:\Users\Nigel\Desktop\RK_Quarantine
2013-10-26 10:57 - 2013-10-26 10:58 - 00000000 ____D C:\Program Files (x86)\ERUNT
2013-10-26 10:57 - 2013-10-26 10:57 - 00000920 _____ C:\Users\Sue\Desktop\NTREGOPT.lnk
2013-10-26 10:57 - 2013-10-26 10:57 - 00000920 _____ C:\Users\Nigel\Desktop\NTREGOPT.lnk
2013-10-26 10:57 - 2013-10-26 10:57 - 00000901 _____ C:\Users\Sue\Desktop\ERUNT.lnk
2013-10-26 10:57 - 2013-10-26 10:57 - 00000901 _____ C:\Users\Nigel\Desktop\ERUNT.lnk
2013-10-26 10:51 - 2013-10-26 10:53 - 00003768 _____ C:\Users\Nigel\Desktop\Rkill.txt
2013-10-26 08:27 - 2013-10-26 08:27 - 03997696 _____ C:\Users\Nigel\Desktop\RogueKillerX64.exe
2013-10-26 08:26 - 2013-10-26 08:26 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Nigel\Desktop\rkill.exe
2013-10-26 08:26 - 2013-10-26 08:26 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Nigel\Desktop\erunt-setup.exe
2013-10-25 22:14 - 2013-10-25 22:14 - 00022262 _____ C:\Users\Nigel\Desktop\dds.txt
2013-10-25 22:14 - 2013-10-25 22:14 - 00015635 _____ C:\Users\Nigel\Desktop\attach.txt
2013-10-25 22:04 - 2013-10-25 22:04 - 00688992 ____R (Swearware) C:\Users\Nigel\Desktop\dds.com
2013-10-24 13:44 - 2013-10-24 13:44 - 00000541 _____ C:\Windows\KB893803v2.log
2013-10-21 16:25 - 2013-09-04 12:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-21 16:25 - 2013-09-04 12:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-21 16:25 - 2013-09-04 12:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-21 16:25 - 2013-09-04 12:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-21 16:25 - 2013-09-04 12:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-21 16:25 - 2013-09-04 12:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-21 16:25 - 2013-09-04 12:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-14 09:05 - 2013-10-14 09:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-10-11 11:29 - 2013-09-22 23:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-11 11:29 - 2013-09-22 23:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-11 11:29 - 2013-09-22 23:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-11 11:29 - 2013-09-22 23:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-11 11:29 - 2013-09-22 23:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-11 11:29 - 2013-09-22 22:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-11 11:29 - 2013-09-22 22:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 11:29 - 2013-09-22 22:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 11:29 - 2013-09-22 22:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-11 11:29 - 2013-09-22 22:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-11 11:29 - 2013-09-22 22:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-11 11:29 - 2013-09-21 03:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 11:29 - 2013-09-21 03:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-11 11:29 - 2013-09-21 02:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-11 11:29 - 2013-09-21 02:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-11 11:28 - 2013-09-22 23:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-11 11:28 - 2013-09-22 23:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-11 11:28 - 2013-09-22 23:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-11 11:28 - 2013-09-22 23:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-11 11:28 - 2013-09-22 23:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-11 11:28 - 2013-09-22 23:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-11 11:28 - 2013-09-22 23:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-11 11:28 - 2013-09-22 23:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-11 11:28 - 2013-09-22 22:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 11:28 - 2013-09-22 22:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 11:28 - 2013-09-22 22:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 11:28 - 2013-09-22 22:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 11:28 - 2013-09-22 22:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 11:28 - 2013-09-22 22:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 11:28 - 2013-09-22 22:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 11:28 - 2013-09-22 22:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 09:18 - 2013-09-14 01:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-11 09:18 - 2013-09-08 02:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-11 09:18 - 2013-09-08 02:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-11 09:18 - 2013-09-08 02:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-11 09:18 - 2013-08-29 02:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-11 09:18 - 2013-08-29 02:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-11 09:18 - 2013-08-29 02:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-11 09:18 - 2013-08-29 02:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-11 09:18 - 2013-08-29 02:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-11 09:18 - 2013-08-29 01:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-11 09:18 - 2013-08-29 01:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-11 09:18 - 2013-08-29 01:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-11 09:18 - 2013-08-29 01:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-11 09:18 - 2013-08-29 01:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-11 09:18 - 2013-08-29 01:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-11 09:18 - 2013-08-29 00:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-11 09:18 - 2013-08-29 00:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-11 09:18 - 2013-08-29 00:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-11 09:18 - 2013-08-29 00:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-11 09:18 - 2013-08-28 01:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-11 09:18 - 2013-07-12 10:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-11 09:18 - 2013-07-12 10:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-11 09:18 - 2013-07-04 12:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-11 09:18 - 2013-07-04 12:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-11 09:18 - 2013-07-04 12:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-11 09:18 - 2013-07-04 11:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-11 09:18 - 2013-07-04 11:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-11 09:18 - 2013-07-04 11:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-11 09:18 - 2013-07-04 10:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-11 09:18 - 2013-07-03 04:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-11 09:18 - 2013-07-03 04:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-11 09:18 - 2013-07-03 04:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-11 09:18 - 2013-06-25 22:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-11 09:18 - 2013-06-06 05:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-11 09:18 - 2013-06-06 05:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-11 09:18 - 2013-06-06 05:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-11 09:18 - 2013-06-06 05:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-11 09:18 - 2013-06-06 04:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-11 09:18 - 2013-06-06 04:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-11 09:18 - 2013-06-06 04:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-11 09:18 - 2013-06-06 03:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-11 09:18 - 2013-06-06 03:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-11 09:18 - 2013-06-06 03:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-11 09:17 - 2013-08-28 01:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-11 09:17 - 2013-08-01 12:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-11 09:17 - 2013-07-20 10:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 09:17 - 2013-07-20 10:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 14:01 - 2013-10-09 14:01 - 00000644 _____ C:\Windows\PFRO.log
2013-10-05 13:23 - 2013-10-29 08:46 - 00000286 _____ C:\Windows\TWAIN.LOG
2013-10-05 13:21 - 2013-10-29 08:45 - 00005152 _____ C:\Windows\setupact.log
2013-10-05 13:21 - 2013-10-05 13:21 - 00000000 _____ C:\Windows\setuperr.log
2013-10-01 15:38 - 2013-10-01 15:39 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-01 15:38 - 2013-10-01 15:39 - 00000000 ____D C:\Program Files\iTunes
2013-10-01 15:38 - 2013-10-01 15:39 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-01 15:38 - 2013-10-01 15:38 - 00000000 ____D C:\Program Files\iPod

==================== One Month Modified Files and Folders =======

2013-10-29 08:50 - 2013-10-29 08:50 - 01956538 _____ (Farbar) C:\Users\Nigel\Desktop\FRST64.exe
2013-10-29 08:48 - 2013-09-18 09:02 - 02066487 _____ C:\Windows\WindowsUpdate.log
2013-10-29 08:47 - 2012-02-09 19:10 - 00000000 ___RD C:\Users\Nigel\Dropbox
2013-10-29 08:47 - 2012-02-09 19:06 - 00000000 ____D C:\Users\Nigel\AppData\Roaming\Dropbox
2013-10-29 08:47 - 2009-12-12 18:16 - 00000000 ____D C:\Users\Nigel\AppData\Local\Adobe
2013-10-29 08:46 - 2013-10-05 13:23 - 00000286 _____ C:\Windows\TWAIN.LOG
2013-10-29 08:46 - 2012-12-07 17:25 - 00000156 _____ C:\Windows\Twunk001.MTX
2013-10-29 08:46 - 2012-12-07 17:25 - 00000005 _____ C:\Windows\Twain001.Mtx
2013-10-29 08:45 - 2013-10-05 13:21 - 00005152 _____ C:\Windows\setupact.log
2013-10-29 08:45 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-28 23:08 - 2013-10-28 23:08 - 00891167 _____ C:\Users\Nigel\Desktop\SecurityCheck.exe
2013-10-28 23:00 - 2013-10-28 23:00 - 00659968 _____ C:\Users\Nigel\Desktop\MicrosoftFixit50195.msi
2013-10-28 22:52 - 2013-10-28 22:52 - 00000000 ____D C:\Users\Nigel\Documents\Old Firefox Data
2013-10-28 22:33 - 2012-10-22 08:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-28 21:24 - 2009-07-14 04:45 - 00015344 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-28 21:24 - 2009-07-14 04:45 - 00015344 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-28 21:20 - 2013-10-28 21:20 - 00007302 _____ C:\Users\Nigel\Desktop\CHKDSKResults.txt
2013-10-28 21:20 - 2009-07-14 05:13 - 00787914 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-28 21:12 - 2013-10-28 21:12 - 00003528 ____N C:\bootsqm.dat
2013-10-28 16:37 - 2013-10-28 16:37 - 00448512 _____ (OldTimer Tools) C:\Users\Nigel\Desktop\TFC.exe
2013-10-28 11:40 - 2013-06-24 09:57 - 00020587 _____ C:\Users\Nigel\Documents\DropboxExport.log
2013-10-28 08:04 - 2013-10-27 11:54 - 00000000 ____D C:\FRST
2013-10-28 07:50 - 2009-12-13 17:45 - 00000000 ____D C:\Users\Nigel\AppData\Local\Google
2013-10-27 10:29 - 2013-10-27 10:29 - 02347384 _____ (ESET) C:\Users\Nigel\Downloads\esetsmartinstaller_enu.exe
2013-10-27 10:09 - 2013-10-27 10:06 - 00000000 ____D C:\AdwCleaner
2013-10-27 10:03 - 2013-10-27 10:03 - 00003687 _____ C:\Users\Nigel\Desktop\JRT.txt
2013-10-27 09:58 - 2013-10-27 09:58 - 00000000 ____D C:\Windows\ERUNT
2013-10-27 09:56 - 2013-10-27 09:56 - 01060070 _____ C:\Users\Nigel\Desktop\AdwCleaner.exe
2013-10-27 09:55 - 2013-10-27 09:55 - 01033335 _____ (Thisisu) C:\Users\Nigel\Desktop\JRT.exe
2013-10-27 09:48 - 2013-10-27 09:21 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-27 09:48 - 2013-10-27 09:20 - 00000000 ____D C:\Users\Nigel\Desktop\mbar
2013-10-27 09:20 - 2013-10-27 09:20 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-27 09:19 - 2013-10-27 09:18 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Nigel\Desktop\mbar-1.07.0.1007.exe
2013-10-26 15:24 - 2013-10-26 15:24 - 00003725 _____ C:\Users\Nigel\Desktop\RKreport[0]_S_10262013_162415.txt
2013-10-26 11:02 - 2013-10-26 11:00 - 00000000 ____D C:\Users\Nigel\Desktop\RK_Quarantine
2013-10-26 11:01 - 2013-10-26 11:01 - 00003692 _____ C:\Users\Nigel\Desktop\RKreport[0]_S_10262013_120152.txt
2013-10-26 10:59 - 2012-03-26 12:19 - 00000000 ____D C:\Windows\ERDNT
2013-10-26 10:58 - 2013-10-26 10:57 - 00000000 ____D C:\Program Files (x86)\ERUNT
2013-10-26 10:57 - 2013-10-26 10:57 - 00000920 _____ C:\Users\Sue\Desktop\NTREGOPT.lnk
2013-10-26 10:57 - 2013-10-26 10:57 - 00000920 _____ C:\Users\Nigel\Desktop\NTREGOPT.lnk
2013-10-26 10:57 - 2013-10-26 10:57 - 00000901 _____ C:\Users\Sue\Desktop\ERUNT.lnk
2013-10-26 10:57 - 2013-10-26 10:57 - 00000901 _____ C:\Users\Nigel\Desktop\ERUNT.lnk
2013-10-26 10:53 - 2013-10-26 10:51 - 00003768 _____ C:\Users\Nigel\Desktop\Rkill.txt
2013-10-26 08:27 - 2013-10-26 08:27 - 03997696 _____ C:\Users\Nigel\Desktop\RogueKillerX64.exe
2013-10-26 08:26 - 2013-10-26 08:26 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Nigel\Desktop\rkill.exe
2013-10-26 08:26 - 2013-10-26 08:26 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Nigel\Desktop\erunt-setup.exe
2013-10-25 22:14 - 2013-10-25 22:14 - 00022262 _____ C:\Users\Nigel\Desktop\dds.txt
2013-10-25 22:14 - 2013-10-25 22:14 - 00015635 _____ C:\Users\Nigel\Desktop\attach.txt
2013-10-25 22:04 - 2013-10-25 22:04 - 00688992 ____R (Swearware) C:\Users\Nigel\Desktop\dds.com
2013-10-25 15:55 - 2010-03-03 18:54 - 00017276 _____ C:\Users\Nigel\Documents\Pension projections v1.xlsx
2013-10-24 13:44 - 2013-10-24 13:44 - 00000541 _____ C:\Windows\KB893803v2.log
2013-10-24 12:44 - 2013-08-19 08:10 - 00000000 ____D C:\Users\Nigel\Documents\WORK
2013-10-23 15:32 - 2012-12-23 14:53 - 00001456 _____ C:\Users\Nigel\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-10-22 09:02 - 2009-12-12 16:00 - 00000000 ___RD C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-21 20:18 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-21 15:32 - 2009-07-14 05:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-20 11:14 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2013-10-18 14:17 - 2009-07-14 02:34 - 00449845 ____R C:\Windows\system32\Drivers\etc\hosts.20131024-215855.backup
2013-10-17 15:05 - 2012-12-22 14:44 - 00317808 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportKE64.sys
2013-10-16 20:30 - 2009-07-14 02:34 - 00449845 ____R C:\Windows\system32\Drivers\etc\hosts.20131018-151719.backup
2013-10-16 16:24 - 2013-03-02 13:05 - 00001945 _____ C:\Windows\epplauncher.mif
2013-10-16 16:24 - 2013-03-02 13:05 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-16 16:24 - 2013-03-02 13:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-10-16 11:58 - 2010-03-03 18:54 - 00023694 _____ C:\Users\Nigel\Documents\MUSICIANS ACCOUNTS vi.xlsx
2013-10-16 11:42 - 2012-05-07 20:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-14 09:05 - 2013-10-14 09:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-10-11 14:44 - 2009-10-30 00:38 - 00000000 ____D C:\Windows\Panther
2013-10-11 14:43 - 2009-07-14 04:45 - 05217384 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 11:30 - 2010-02-19 09:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-11 11:27 - 2012-05-17 09:16 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 11:27 - 2012-05-17 09:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 11:26 - 2011-07-27 10:31 - 00773382 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-11 11:21 - 2013-08-14 16:29 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 11:19 - 2009-10-29 16:48 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-09 14:01 - 2013-10-09 14:01 - 00000644 _____ C:\Windows\PFRO.log
2013-10-08 17:37 - 2012-10-22 08:28 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 17:37 - 2012-04-25 14:24 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-08 17:37 - 2011-05-13 15:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-08 11:26 - 2009-07-14 02:34 - 00449839 ____R C:\Windows\system32\Drivers\etc\hosts.20131016-213023.backup
2013-10-05 13:21 - 2013-10-05 13:21 - 00000000 _____ C:\Windows\setuperr.log
2013-10-05 11:38 - 2011-10-07 16:52 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-10-03 17:47 - 2009-07-14 02:34 - 00449839 ____R C:\Windows\system32\Drivers\etc\hosts.20131008-122654.backup
2013-10-01 15:39 - 2013-10-01 15:38 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-01 15:39 - 2013-10-01 15:38 - 00000000 ____D C:\Program Files\iTunes
2013-10-01 15:39 - 2013-10-01 15:38 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-01 15:38 - 2013-10-01 15:38 - 00000000 ____D C:\Program Files\iPod

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-24 08:35

==================== End Of Log ============================

 

How's that look?

Link to post
Share on other sites

  • Root Admin

Looks pretty good.  I would recommend getting rid of Microsoft Security Essentials and using something like avast or Avira if you want a free antivirus.  MSE is just not quite up to the task of protecting your computer these days.
 
avast:  http://www.filehippo.com/download_avast_antivirus/
Avira: http://www.filehippo.com/download_antivir/
 
 
If  you do change please make sure to uninstall MSE - you cannot have 2 different antivirus products installed as it can cause issues.
 
 
How is the computer running now?
Are there still any signs of an infection?
 
 
Please run the security check again so I can make sure you were able to update Firefox.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
Link to post
Share on other sites

Sorry - re-read your post. Here's the log. Firefox is telling me its up to date but the log says it isn't?

 

 Results of screen317's Security Check version 0.99.74  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 Out of date HijackThis  installed!
 Malwarebytes Anti-Malware version 1.75.0.1300  
 HijackThis 2.0.2    
 Adobe Flash Player 11.9.900.117  
 Adobe Reader 9  
 Adobe Reader XI  
 Mozilla Firefox (Firefox,. Firefox out of Date!  
 Mozilla Thunderbird (24.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.