
Trojan.Clicker.CT


Kiba


Malwarebytes detected potential risks:


- Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\Adobe Licensing Console (Trojan.Clicker.CT) -> Quarantined and deleted successfully.


- Files Detected: 1
C:\Windows\System32\msvfd32.exe (Trojan.Clicker.CT) -> Quarantined and deleted successfully.


After removing threats, I fully scanned with Malwarebytes, Spybot S&D 2 and Microsoft Security Essentials. No threats found. I tend to be careful, so I don't know where I got those trojans from. The only explanation is an infected website.


1. I'm not sure if Adobe Licensing Console is a false positive? "Attach log report: Error: Service Control Manager [7000]  - The Adobe Licensing Console service failed to start due to the following error:  The system cannot find the file specified." What is Adobe Licensing Console and how crucial is it? I haven't installed any Adobe products except for the mandatory flashplayer plugin for firefox.


2. What is a Trojan.Clicker.CT/msvfd32.exe exactly and how risky is it? Is this a concern for my privacy - could it potentially come back or is it even completely removed?


I haven't noticed any problems with my computer. Everything seems OK.


attach.txt

dds.txt

mbam-log-2013-11-10 (15-13-41) trojan.clicker.txt


Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

  • Leave everything else as it is.
  • Close all other running programs as well as your browser.
  • Click the Scan button & wait for it to finish.
  • Once done, click on the Save.. button, and in the File name area type in "ark.txt"; otherwise it will save as a .log file, which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Gmer did not find anything. Just to note, it was set to Quick Scan, the default.

 

I have actually noticed a little loading-time lag when I open Firefox, but sometimes Firefox is like that. Maybe some plugin. If I open a new Firefox window while there is one already open, there is not much startup delay.


Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2013 01
Ran by Kiba (administrator) on KIBA1 on 12-11-2013 18:00:30
Running from D:\DL
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
() C:\Windows\system32\atwtusb.exe
() C:\Windows\system32\atwtusb.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
() C:\Windows\System32\AtwtusbIcon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RAVCpl64.exe [6150656 2008-03-26] (Realtek Semiconductor)
HKLM\...\Run: [skytel] - C:\Windows\SkyTel.exe [1826816 2007-11-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AtwtusbIcon] - C:\Windows\System32\AtwtusbIcon.exe [3593728 2012-09-10] ()
HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKCU\...\Run: [steam] - D:\Games\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation)
MountPoints2: {02c2817c-4005-11e3-a8f4-00508dc05268} - F:\Autorun.exe
MountPoints2: {02c28199-4005-11e3-a8f4-00508dc05268} - F:\AutoRun.exe
MountPoints2: {581aaf68-3fae-11e3-ab57-00508dc05268} - F:\Autorun.exe
MountPoints2: {581aaf7f-3fae-11e3-ab57-00508dc05268} - F:\Autorun.exe
MountPoints2: {581aaf8d-3fae-11e3-ab57-00508dc05268} - F:\Autorun.exe
MountPoints2: {a824fd04-400a-11e3-97c2-00508dc05268} - F:\AutoRun.exe
MountPoints2: {fab74a3d-400f-11e3-9f31-00508dc05268} - F:\AutoRun.exe
MountPoints2: {fab74a5c-400f-11e3-9f31-00508dc05268} - F:\AutoRun.exe
HKLM-x32\...\Run: [sDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKU\Default\...\Run: [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Default User\...\Run: [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1

FireFox:
========
FF ProfilePath: C:\Users\Kiba\AppData\Roaming\Mozilla\Firefox\Profiles\c604mc1y.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin - D:\Apps\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Kiba\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Adblock Plus - C:\Users\Kiba\AppData\Roaming\Mozilla\Firefox\Profiles\c604mc1y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

==================== Services (Whitelisted) =================

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
S3 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-12] ()
R3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 WTService; C:\Windows\system32\atwtusb.exe [581120 2012-10-19] ()

==================== Drivers (Whitelisted) ====================

R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-09] (Windows ® Codename Longhorn DDK provider)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows ® Win 7 DDK provider)
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [x]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [x]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [x]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [x]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-12 18:00 - 2013-11-12 18:00 - 00000000 ____D C:\FRST
2013-11-11 22:07 - 2013-11-11 22:07 - 00011660 _____ C:\Users\Kiba\AppData\Local\recently-used.xbel
2013-11-11 13:07 - 2013-11-11 13:34 - 00005009 _____ C:\Users\Kiba\Desktop\attach.txt
2013-11-11 13:07 - 2013-11-11 13:32 - 00012683 _____ C:\Users\Kiba\Desktop\dds.txt
2013-11-10 17:57 - 2013-11-10 17:57 - 00001945 _____ C:\Windows\epplauncher.mif
2013-11-10 17:57 - 2013-11-10 17:57 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-10 17:57 - 2013-11-10 17:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-11-10 15:53 - 2013-11-10 15:53 - 00000314 _____ C:\Windows\PFRO.log
2013-11-10 14:55 - 2013-11-12 08:57 - 00000224 _____ C:\Windows\setupact.log
2013-11-10 14:55 - 2013-11-10 14:55 - 00000000 _____ C:\Windows\setuperr.log
2013-11-09 23:18 - 2013-11-09 23:18 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2013-11-09 23:18 - 2013-11-09 23:18 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2013-11-09 23:18 - 2013-11-09 23:18 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2013-11-09 23:18 - 2013-11-09 23:18 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2013-11-09 23:18 - 2013-11-09 23:18 - 00000000 ____D C:\Program Files (x86)\OpenAL
2013-11-01 14:58 - 2013-11-01 14:58 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Camel Audio
2013-11-01 14:58 - 2013-11-01 14:58 - 00000000 ____D C:\ProgramData\Camel Audio
2013-11-01 14:58 - 2013-11-01 14:58 - 00000000 ____D C:\Program Files (x86)\Camel Audio
2013-10-31 22:58 - 2013-10-31 22:58 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Plogue Art et Technologie, Inc
2013-10-31 22:58 - 2013-10-31 22:58 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Plogue
2013-10-31 22:52 - 2013-10-31 22:52 - 00000000 ____D C:\Program Files\Plogue
2013-10-30 16:37 - 2013-10-30 16:37 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2013-10-30 16:37 - 2013-10-30 16:37 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2013-10-30 16:26 - 2013-11-10 19:35 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2013-10-30 16:26 - 2013-10-30 16:26 - 00000000 ____D C:\Users\Kiba\Documents\Image-Line
2013-10-30 16:26 - 2013-10-30 16:26 - 00000000 ____D C:\Program Files (x86)\Image-Line
2013-10-30 16:26 - 2009-09-15 11:14 - 01554944 _____ (HMS http://hp.vector.co.jp/authors/VA012897/) C:\Windows\SysWOW64\vorbis.acm
2013-10-30 16:25 - 2013-10-30 16:25 - 00000000 ____D C:\Program Files (x86)\Outsim
2013-10-30 15:42 - 2013-10-30 15:42 - 00002770 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-10-30 15:31 - 2013-10-30 15:31 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Malwarebytes
2013-10-30 15:31 - 2013-10-30 15:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-30 15:31 - 2013-10-30 15:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-30 15:31 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-28 21:04 - 2013-10-28 21:04 - 00000000 ____D C:\Windows\system32\appmgmt
2013-10-28 20:41 - 2013-11-01 11:31 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-10-28 19:57 - 2013-10-28 19:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
2013-10-28 19:57 - 2013-10-28 19:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
2013-10-28 19:56 - 2013-10-28 19:56 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2013-10-28 19:55 - 2013-01-29 17:05 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2013-10-28 19:55 - 2013-01-29 17:05 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01007.dll
2013-10-27 15:41 - 2013-10-27 15:42 - 00000000 ____D C:\Users\Kiba\AppData\Local\Microsoft Games
2013-10-24 15:08 - 2013-10-24 15:08 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Blender Foundation
2013-10-24 13:55 - 2013-10-24 13:56 - 00000000 ____D C:\Program Files\Common Files\Logishrd
2013-10-24 13:39 - 2013-10-24 13:39 - 00000000 ____D C:\Users\Public\Documents\Logishrd
2013-10-24 13:39 - 2013-10-24 13:39 - 00000000 ____D C:\ProgramData\Logitech
2013-10-24 13:37 - 2013-10-28 22:21 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2013-10-24 13:37 - 2013-10-24 13:56 - 00000000 ____D C:\ProgramData\Logishrd
2013-10-24 13:37 - 2013-10-24 13:37 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Leadertech
2013-10-24 13:36 - 2013-10-24 13:36 - 00000000 ____D C:\Program Files\Logitech
2013-10-24 13:35 - 2013-10-24 13:35 - 00000000 ____D C:\Users\Kiba\AppData\Local\Eraser 6
2013-10-24 13:34 - 2013-10-24 13:39 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Logitech
2013-10-24 13:34 - 2013-10-24 13:34 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Logishrd
2013-10-24 11:49 - 2013-11-10 14:24 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\inkscape
2013-10-23 19:27 - 2013-11-10 14:24 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Media Player Classic
2013-10-22 11:31 - 2013-10-22 11:31 - 00000000 ____D C:\Users\Kiba\AppData\Local\Unity
2013-10-22 11:29 - 2013-10-22 11:29 - 00000000 ____D C:\Users\Public\Documents\Unity Projects
2013-10-21 16:46 - 2013-10-21 16:46 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Notepad++
2013-10-21 16:46 - 2013-10-21 16:46 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2013-10-20 13:28 - 2013-10-20 13:28 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-10-20 13:28 - 2013-10-20 13:28 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Hi-Rez Studios
2013-10-20 13:27 - 2013-10-20 13:27 - 00000000 ____D C:\Windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
2013-10-15 23:49 - 2013-10-15 23:49 - 00000000 ____D C:\Users\Kiba\Documents\ProcAlyzer Dumps
2013-10-15 19:32 - 2013-10-15 19:32 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-15 19:32 - 2013-10-15 19:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-15 18:01 - 2013-10-23 21:40 - 00000000 ____D C:\Users\Kiba\AppData\Local\gtk-2.0
2013-10-15 17:59 - 2013-10-24 15:05 - 00000000 ____D C:\Users\Kiba\.thumbnails
2013-10-15 17:33 - 2013-11-01 14:51 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Spotify
2013-10-15 17:33 - 2013-11-01 11:50 - 00000000 ____D C:\Users\Kiba\AppData\Local\Spotify
2013-10-15 17:33 - 2013-10-15 17:33 - 00001837 _____ C:\Users\Kiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-10-14 20:35 - 2013-11-11 22:02 - 00000000 ____D C:\Users\Kiba\AppData\Local\mypaint
2013-10-14 20:34 - 2013-10-14 20:34 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPaint
2013-10-13 23:46 - 2013-10-13 23:46 - 00007628 _____ C:\Users\Kiba\AppData\Local\Resmon.ResmonCfg
2013-10-13 18:38 - 2013-10-13 18:38 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2013-10-13 18:38 - 2013-10-13 18:38 - 00000000 ____D C:\Program Files\Microsoft Xbox 360 Accessories
2013-10-13 00:14 - 2013-10-29 15:12 - 00000000 ____D C:\Users\Kiba\.gimp-2.8
2013-10-13 00:14 - 2013-10-13 00:14 - 00000000 ____D C:\Users\Kiba\AppData\Local\gegl-0.2

==================== One Month Modified Files and Folders =======

2013-11-12 18:00 - 2013-11-12 18:00 - 00000000 ____D C:\FRST
2013-11-12 17:22 - 2013-10-07 00:58 - 01244225 _____ C:\Windows\WindowsUpdate.log
2013-11-12 09:05 - 2009-07-14 06:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-12 09:05 - 2009-07-14 06:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-12 09:04 - 2009-07-14 07:13 - 00779266 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-12 08:57 - 2013-11-10 14:55 - 00000224 _____ C:\Windows\setupact.log
2013-11-12 08:57 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-12 08:57 - 2009-07-14 04:34 - 00000418 _____ C:\Windows\win.ini
2013-11-11 22:07 - 2013-11-11 22:07 - 00011660 _____ C:\Users\Kiba\AppData\Local\recently-used.xbel
2013-11-11 22:02 - 2013-10-14 20:35 - 00000000 ____D C:\Users\Kiba\AppData\Local\mypaint
2013-11-11 13:34 - 2013-11-11 13:07 - 00005009 _____ C:\Users\Kiba\Desktop\attach.txt
2013-11-11 13:32 - 2013-11-11 13:07 - 00012683 _____ C:\Users\Kiba\Desktop\dds.txt
2013-11-11 09:48 - 2013-10-11 01:04 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-11-11 09:07 - 2009-07-14 06:45 - 00274320 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-10 22:03 - 2013-10-11 01:52 - 00057560 _____ C:\Users\Kiba\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-10 19:35 - 2013-10-30 16:26 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2013-11-10 17:57 - 2013-11-10 17:57 - 00001945 _____ C:\Windows\epplauncher.mif
2013-11-10 17:57 - 2013-11-10 17:57 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-10 17:57 - 2013-11-10 17:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-11-10 15:53 - 2013-11-10 15:53 - 00000314 _____ C:\Windows\PFRO.log
2013-11-10 15:02 - 2013-10-11 21:24 - 00000000 ____D C:\Users\Kiba\AppData\Local\NVIDIA
2013-11-10 15:02 - 2013-10-06 17:28 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-10 15:02 - 2013-10-06 17:27 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-11-10 15:02 - 2013-10-06 17:27 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-11-10 15:02 - 2013-10-06 17:15 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-11-10 14:55 - 2013-11-10 14:55 - 00000000 _____ C:\Windows\setuperr.log
2013-11-10 14:24 - 2013-10-24 11:49 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\inkscape
2013-11-10 14:24 - 2013-10-23 19:27 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Media Player Classic
2013-11-10 14:24 - 2013-10-07 01:55 - 00000000 ____D C:\Windows\Panther
2013-11-10 12:33 - 2013-10-07 01:15 - 00000000 ___RD C:\Users\Kiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-09 23:19 - 2013-10-11 02:07 - 00000000 ____D C:\Users\Kiba\Documents\My Games
2013-11-09 23:18 - 2013-11-09 23:18 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2013-11-09 23:18 - 2013-11-09 23:18 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2013-11-09 23:18 - 2013-11-09 23:18 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2013-11-09 23:18 - 2013-11-09 23:18 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2013-11-09 23:18 - 2013-11-09 23:18 - 00000000 ____D C:\Program Files (x86)\OpenAL
2013-11-09 21:58 - 2013-10-06 16:49 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\.purple
2013-11-06 14:05 - 2013-10-06 16:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-06 00:14 - 2013-10-06 16:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-01 14:58 - 2013-11-01 14:58 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Camel Audio
2013-11-01 14:58 - 2013-11-01 14:58 - 00000000 ____D C:\ProgramData\Camel Audio
2013-11-01 14:58 - 2013-11-01 14:58 - 00000000 ____D C:\Program Files (x86)\Camel Audio
2013-11-01 14:51 - 2013-10-15 17:33 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Spotify
2013-11-01 11:50 - 2013-10-15 17:33 - 00000000 ____D C:\Users\Kiba\AppData\Local\Spotify
2013-11-01 11:31 - 2013-10-28 20:41 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-10-31 22:58 - 2013-10-31 22:58 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Plogue Art et Technologie, Inc
2013-10-31 22:58 - 2013-10-31 22:58 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Plogue
2013-10-31 22:52 - 2013-10-31 22:52 - 00000000 ____D C:\Program Files\Plogue
2013-10-30 16:53 - 2013-10-07 01:15 - 00000000 ____D C:\Users\Kiba\AppData\Local\VirtualStore
2013-10-30 16:37 - 2013-10-30 16:37 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2013-10-30 16:37 - 2013-10-30 16:37 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2013-10-30 16:26 - 2013-10-30 16:26 - 00000000 ____D C:\Users\Kiba\Documents\Image-Line
2013-10-30 16:26 - 2013-10-30 16:26 - 00000000 ____D C:\Program Files (x86)\Image-Line
2013-10-30 16:25 - 2013-10-30 16:25 - 00000000 ____D C:\Program Files (x86)\Outsim
2013-10-30 15:42 - 2013-10-30 15:42 - 00002770 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-10-30 15:31 - 2013-10-30 15:31 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Malwarebytes
2013-10-30 15:31 - 2013-10-30 15:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-30 15:31 - 2013-10-30 15:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-29 15:12 - 2013-10-13 00:14 - 00000000 ____D C:\Users\Kiba\.gimp-2.8
2013-10-28 22:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-28 22:21 - 2013-10-24 13:37 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2013-10-28 21:04 - 2013-10-28 21:04 - 00000000 ____D C:\Windows\system32\appmgmt
2013-10-28 19:57 - 2013-10-28 19:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
2013-10-28 19:57 - 2013-10-28 19:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
2013-10-28 19:56 - 2013-10-28 19:56 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2013-10-28 19:55 - 2013-10-07 04:01 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-10-27 15:42 - 2013-10-27 15:41 - 00000000 ____D C:\Users\Kiba\AppData\Local\Microsoft Games
2013-10-26 16:55 - 2013-10-12 05:31 - 00283032 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-10-26 16:55 - 2013-10-12 05:16 - 00283032 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-10-24 15:08 - 2013-10-24 15:08 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Blender Foundation
2013-10-24 15:05 - 2013-10-15 17:59 - 00000000 ____D C:\Users\Kiba\.thumbnails
2013-10-24 13:56 - 2013-10-24 13:55 - 00000000 ____D C:\Program Files\Common Files\Logishrd
2013-10-24 13:56 - 2013-10-24 13:37 - 00000000 ____D C:\ProgramData\Logishrd
2013-10-24 13:39 - 2013-10-24 13:39 - 00000000 ____D C:\Users\Public\Documents\Logishrd
2013-10-24 13:39 - 2013-10-24 13:39 - 00000000 ____D C:\ProgramData\Logitech
2013-10-24 13:39 - 2013-10-24 13:34 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Logitech
2013-10-24 13:37 - 2013-10-24 13:37 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Leadertech
2013-10-24 13:36 - 2013-10-24 13:36 - 00000000 ____D C:\Program Files\Logitech
2013-10-24 13:35 - 2013-10-24 13:35 - 00000000 ____D C:\Users\Kiba\AppData\Local\Eraser 6
2013-10-24 13:34 - 2013-10-24 13:34 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Logishrd
2013-10-23 21:40 - 2013-10-15 18:01 - 00000000 ____D C:\Users\Kiba\AppData\Local\gtk-2.0
2013-10-22 11:46 - 2009-07-14 04:34 - 00450639 ____R C:\Windows\system32\Drivers\etc\hosts.20131110-164044.backup
2013-10-22 11:31 - 2013-10-22 11:31 - 00000000 ____D C:\Users\Kiba\AppData\Local\Unity
2013-10-22 11:29 - 2013-10-22 11:29 - 00000000 ____D C:\Users\Public\Documents\Unity Projects
2013-10-21 16:46 - 2013-10-21 16:46 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Notepad++
2013-10-21 16:46 - 2013-10-21 16:46 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2013-10-20 13:30 - 2013-10-11 10:13 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\NVIDIA
2013-10-20 13:28 - 2013-10-20 13:28 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-10-20 13:28 - 2013-10-20 13:28 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Hi-Rez Studios
2013-10-20 13:27 - 2013-10-20 13:27 - 00000000 ____D C:\Windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
2013-10-16 10:59 - 2009-07-14 04:34 - 00450639 ____R C:\Windows\system32\Drivers\etc\hosts.20131022-124641.backup
2013-10-15 23:49 - 2013-10-15 23:49 - 00000000 ____D C:\Users\Kiba\Documents\ProcAlyzer Dumps
2013-10-15 19:32 - 2013-10-15 19:32 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-15 19:32 - 2013-10-15 19:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-15 17:59 - 2013-10-07 01:14 - 00000000 ____D C:\Users\Kiba
2013-10-15 17:33 - 2013-10-15 17:33 - 00001837 _____ C:\Users\Kiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-10-15 10:36 - 2013-10-07 04:10 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-15 10:36 - 2013-10-07 04:10 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-14 20:34 - 2013-10-14 20:34 - 00000000 ____D C:\Users\Kiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPaint
2013-10-14 20:15 - 2013-10-12 05:16 - 00283032 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-10-13 23:46 - 2013-10-13 23:46 - 00007628 _____ C:\Users\Kiba\AppData\Local\Resmon.ResmonCfg
2013-10-13 18:38 - 2013-10-13 18:38 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2013-10-13 18:38 - 2013-10-13 18:38 - 00000000 ____D C:\Program Files\Microsoft Xbox 360 Accessories
2013-10-13 00:14 - 2013-10-13 00:14 - 00000000 ____D C:\Users\Kiba\AppData\Local\gegl-0.2

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-10 21:47

==================== End Of Log ============================

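An added example (not FRST's own code, and not something Marius or Kiba posted) that parses Services/Drivers lines in the FRST format shown in the log above and flags what a helper looks at first: entries whose binary is missing on disk ("[x]", the orphaned-service condition behind the Event ID 7000 "cannot find the file specified" error Kiba quoted) and entries with no publisher information ("()"). The sample lines are constructed; the Adobe Licensing Console line assumes the path from the Malwarebytes detection and an invented start type.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# One FRST "Services"/"Drivers" line, in the format seen in the log above:
#   R2 WTService; C:\Windows\system32\atwtusb.exe [581120 2012-10-19] ()
#   S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]
# The bracket holds "<size> <date>" when the file exists, or "x" when FRST could
# not find the binary; the trailing parentheses hold the publisher ("()" = none).
LINE_RE = re.compile(
    r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?P<meta>[^\]]*)\](?:\s+\((?P<publisher>[^)]*)\))?\s*$"
)


@dataclass
class FrstEntry:
    state: str             # R = running / S = stopped, digit = start type
    name: str
    path: str
    size: Optional[int]
    date: Optional[str]
    publisher: str         # "" when FRST printed "()"
    file_missing: bool     # True for "[x]" entries


def parse_line(line: str) -> Optional[FrstEntry]:
    """Parse one service/driver line; return None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").strip()
    missing = meta == "x"
    size = date = None
    if not missing:
        parts = meta.split()
        if len(parts) == 2 and parts[0].isdigit():
            size, date = int(parts[0]), parts[1]
    return FrstEntry(
        state=m.group("state"),
        name=m.group("name").strip(),
        path=m.group("path").strip(),
        size=size,
        date=date,
        publisher=(m.group("publisher") or "").strip(),
        file_missing=missing,
    )


def triage(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (service name, reason) for the entries a helper would check first."""
    findings: List[Tuple[str, str]] = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        if e.file_missing:
            # Binary gone but the service key remains: this is the condition that
            # produces Event ID 7000 "The system cannot find the file specified".
            findings.append((e.name, "orphaned entry: binary missing on disk"))
        elif not e.publisher:
            # FRST prints "()" when the file carries no company/version resource.
            findings.append((e.name, "no publisher information: verify the file"))
    return findings


# Constructed sample in FRST's format. The first three entries are copied from
# the log above; the last one is what the quarantined "Adobe Licensing Console"
# service would have looked like before removal (path from the Malwarebytes log,
# start type "S2" invented for illustration).
SAMPLE_LOG = """\
==================== Services (Whitelisted) =================

R2 MsMpSvc; C:\\Program Files\\Microsoft Security Client\\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
R2 WTService; C:\\Windows\\system32\\atwtusb.exe [581120 2012-10-19] ()
S3 ew_hwusbdev; system32\\DRIVERS\\ew_hwusbdev.sys [x]
S2 Adobe Licensing Console; C:\\Windows\\System32\\msvfd32.exe [x]
"""

if __name__ == "__main__":
    for name, reason in triage(SAMPLE_LOG.splitlines()):
        print(f"{name}: {reason}")
```

A "[x]" hit on a third-party driver such as the Huawei modem entries in the log is usually a leftover from an uninstall; a "[x]" on a service named after software that was never installed is the pattern worth following up.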

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2013 01
Ran by Kiba at 2013-11-12 18:01:16
Running from D:\DL
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
ARIA Engine v1.6.6.9 (Version: v1.6.6.9)
ASIO4ALL (x32 Version: 2.11 Beta2)
Bastion (x32)
BioShock (x32)
Blacklight: Retribution (x32)
Blender (Version: 2.68a)
Blood Bowl: Chaos Edition (x32)
Camel Audio Alchemy (x32 Version: 1.55.0)
CCleaner (Version: 4.07)
Dungeons of Dredmor (x32)
Eraser 6.0.10.2620 (Version: 6.0.2620)
eReg (x32 Version: 1.20.138.34)
FL Studio 10 (x32)
FTL: Faster Than Light (x32)
GIMP 2.8.6 (Version: 2.8.6)
Global Agenda (x32)
Hotline Miami (x32)
Inkscape 0.48.4 (x32 Version: 0.48.4)
Killing Floor (x32)
King's Bounty: Crossworlds (x32)
LIMBO (x32)
Logitech SetPoint 6.61 (Version: 6.61.15)
Magic: The Gathering - Duels of the Planeswalkers 2013 (x32)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Security Client (Version: 4.3.0219.0)
Microsoft Security Essentials (Version: 4.3.219.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0)
Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0)
Mozilla Firefox 25.0 (x86 en-US) (x32 Version: 25.0)
Mozilla Maintenance Service (x32 Version: 25.0)
MPC-HC 1.7.0 (64-bit) (Version: 1.7.0.7858)
MyPaint 1.0.0 (HKCU Version: 1.0.0)
Notepad++ (x32 Version: 6.5)
NVIDIA 3D Vision Controller Driver 326.01 (Version: 326.01)
NVIDIA 3D Vision Driver 327.23 (Version: 327.23)
NVIDIA Control Panel 327.23 (Version: 327.23)
NVIDIA Graphics Driver 327.23 (Version: 327.23)
NVIDIA HD Audio Driver 1.3.26.4 (Version: 1.3.26.4)
NVIDIA Install Application (Version: 2.1002.133.889)
NVIDIA PhysX (x32 Version: 9.13.0725)
NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2723)
OpenAL (x32)
Path of Exile (x32)
Pidgin (x32 Version: 2.10.7)
Plogue sforzando v1.669 (Version: v1.669)
Portal 2 (x32)
PunkBuster Services (x32 Version: 0.992)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5591)
Spotify (HKCU Version: 0.9.4.185.g7545a404)
Spybot - Search & Destroy (x32 Version: 2.1.21)
Steam (x32 Version: 1.0.0.0)
SumatraPDF (x32 Version: 2.4)
Super Meat Boy (x32)
Terraria (x32)
The Binding of Isaac (x32)
Titan Quest (x32)
Trine (x32)
Trust tablet driver (Version: 5.01)
Unity (x32 Version: )
Unity Web Player (HKCU Version: )
Universe Sandbox (x32)

==================== Restore Points  =========================

09-11-2013 08:48:54 Windows Update
10-11-2013 16:58:17 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-11-10 16:40 - 00450639 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {75000C8C-0A43-4105-8455-D0F7875FBC25} - System32\Tasks\CCleanerSkipUAC => D:\Apps\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)
Task: {9703257F-BB85-44AE-8911-4A142AC08245} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {B7392C99-7FCB-4F0B-AB9C-CF3286997B16} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {CE961C0D-861F-47F6-9F4D-DB30CDA8D89E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-10-11 01:04 - 2013-05-16 19:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-10-11 01:04 - 2013-05-16 19:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-10-11 01:04 - 2013-05-16 19:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-10-11 01:04 - 2012-08-23 19:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-10-11 01:04 - 2012-04-04 02:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/10/2013 02:56:08 PM) (Source: Windows Search Service) (User: )


Error: (11/10/2013 02:55:32 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/10/2013 02:55:32 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/10/2013 02:55:32 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/10/2013 02:55:32 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (11/10/2013 02:55:31 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/10/2013 02:55:31 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (11/10/2013 02:55:29 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/10/2013 02:55:29 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/10/2013 02:55:29 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot open the Jet property store.


Details:
    0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))


System errors:
=============
Error: (11/12/2013 08:57:35 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY)
Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.

Error: (11/11/2013 09:07:07 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY)
Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.

Error: (11/10/2013 08:58:04 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (11/10/2013 03:53:52 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY)
Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.

Error: (11/10/2013 02:55:33 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/10/2013 02:55:33 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (11/10/2013 02:55:11 PM) (Source: Service Control Manager) (User: )
Description: The Adobe Licensing Console service failed to start due to the following error:
%%2

Error: (11/10/2013 02:55:00 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY)
Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.

Error: (11/10/2013 00:32:59 PM) (Source: Service Control Manager) (User: )
Description: The Adobe Licensing Console service failed to start due to the following error:
%%2

Error: (11/10/2013 00:32:47 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY)
Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.


Microsoft Office Sessions:
=========================
Error: (11/10/2013 02:56:08 PM) (Source: Windows Search Service)(User: )


Error: (11/10/2013 02:55:32 PM) (Source: Windows Search Service)(User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/10/2013 02:55:32 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/10/2013 02:55:32 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/10/2013 02:55:32 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (11/10/2013 02:55:31 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (11/10/2013 02:55:31 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (11/10/2013 02:55:29 PM) (Source: Windows Search Service)(User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (11/10/2013 02:55:29 PM) (Source: Windows Search Service)(User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
4700

Error: (11/10/2013 02:55:29 PM) (Source: Windows Search Service)(User: )
Description:
Details:
    0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))


==================== Memory info ===========================

Percentage of memory in use: 36%
Total physical RAM: 2047.37 MB
Available physical RAM: 1291.08 MB
Total Pagefile: 4094.73 MB
Available Pagefile: 2971.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:48.73 GB) (Free:24.47 GB) NTFS
Drive d: () (Fixed) (Total:416.93 GB) (Free:304.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 826609AE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=417 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Delete junk with JRT

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[s1].txt also.


Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan.
  • Wait for the scan to finish.
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


JRT and AdwCleaner logs. ESET Online scanner found nothing.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Ultimate x64
Ran by Kiba on ke 13.11.2013 at 19:09:04,83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Emptied folder: C:\Users\Kiba\AppData\Roaming\mozilla\firefox\profiles\c604mc1y.default\minidumps [12 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ke 13.11.2013 at 19:14:26,49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.012 - Report created 13/11/2013 at 19:20:46
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : kiba - KIBA1
# Running from : C:\Users\kiba\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v25.0 (en-US)

[ File : C:\Users\kiba\AppData\Roaming\Mozilla\Firefox\Profiles\c604mc1y.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [789 octets] - [13/11/2013 19:19:29]
AdwCleaner[s0].txt - [711 octets] - [13/11/2013 19:20:46]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [770 octets] ##########


 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 Spybot - Search & Destroy
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Adobe Flash Player 11.9.900.117  
 Mozilla Firefox (25.0)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


Your system is clean now! :)

Uninstall our tools using delfix

Please follow these steps in order:

  1. In case we used Defogger to turn off your CD emulation software: you can start it again and use the Enable button.
  2. In case we used Combofix: deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  3. In any case, please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
    • If there is still something left, please delete it manually.


How to protect yourself

  • System Updates
    Being up to date is very important. Please be sure to activate automatic updates in your control panel.
    Windows XP | Windows Vista |
    Windows 7 | Windows 8
  • Protection
    What you need is one (not more) good virus scanner with background protection. Additionally I recommend a special malware scanner that you run from time to time.
    Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: you only get the full protection if you use the paid versions of your security software.
  • Up to date Software
    Stay up to date with all the programs you use. Some of those you really have to keep an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every piece of software you use often. These links may help you to check:

  • Backups
    There is a chance of an emergency every day, so be prepared. Back up your data on a regular basis. Whether you burn it to DVDs from time to time, use a cloud drive or a professional network backup system is your choice.
  • Brains
    It's no joke! You really need one of those things. :) It is very important not to just click anywhere that is colored or flashing while you are surfing the web. Do not click an OK button on any pop-up window without reading what it says. While installing software, always choose the custom mode, read what those windows say and uncheck adware that would be installed along with the software you want.


---->"Deleted : RP #36 [Windows Update | 11/13/2013 10:01:09]"


Why does it say it has deleted a Windows Update? Or is this just from a program we used?

# DelFix v10.6 - Logfile created 14/11/2013 at 14:29:08
# Updated 11/11/2013 by Xplode
# Username : Kiba - KIBA1
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Kiba\Desktop\Addition.txt
Deleted : C:\Users\Kiba\Desktop\AdwCleaner[s0].txt
Deleted : C:\Users\Kiba\Desktop\dds.txt
Deleted : C:\Users\Kiba\Desktop\FRST.txt
Deleted : C:\Users\Kiba\Desktop\JRT.txt
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #36 [Windows Update | 11/13/2013 10:01:09]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########


Alright, I just figured it out myself; I didn't read the text properly. Well, thanks for the help. These programs might be useful in the future. I'm still not sure, though, why Malwarebytes detected "Adobe Licensing Console" as a threat. Or was it a false positive?


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.