Jump to content

IP blocked 195.59.55.138

dz1981

By dz1981
in Resolved Malware Removal Logs

 Share

Recommended Posts

dz1981

dz1981

Posted
Posted

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16736  BrowserJavaVersion: 10.45.2
Run by Scott at 20:21:11 on 2013-11-15
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.10239.7314 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\ElsaWin\bin\LcSvrAdm.exe
C:\ElsaWin\bin\LcSvrDba.exe
C:\ElsaWin\bin\LcSvrHis.exe
C:\ElsaWin\bin\LcSvrPas.exe
C:\ElsaWin\bin\LcSvrSaz.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files (x86)\Tunngle\TnglCtrl.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
C:\ElsaWin\bin\LcSvrAuf.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Activ Software\ActivDriver\ActivControl2x64.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Activ Software\ActivDriver\activmgr.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
C:\Program Files (x86)\CodePlex\XPS2OneNote\XPS2OneNote.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DigiGuide TV Guide\digiguide.exe
C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files (x86)\Trillian\trillian.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\VyprVPN\VyprVPN.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\program files (x86)\trillian\plugins\skypekit.exe
C:\Program Files (x86)\NewsLeecher\newsLeecher.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [RIMDeviceManager] C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" -RunServer
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [blackBerryLink.exe] "C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe" /minimize
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_Plugin.exe -update plugin
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [RIM PeerManager] "C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Scott\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGIGU~1.LNK - C:\Program Files (x86)\DigiGuide TV Guide\Client.exe
StartupFolder: C:\Users\Scott\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAILWA~1.LNK - C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe
StartupFolder: C:\Users\Scott\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\Users\Scott\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Trillian.lnk - C:\Program Files (x86)\Trillian\trillian.exe
StartupFolder: C:\Users\Scott\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\VyprVPN.lnk - C:\Windows\System32\schtasks.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\XPS2ON~1.LNK - C:\Windows\Installer\{6DD7A9DA-6732-47D2-8362-6A12BD0EA053}\_FBB2488C0F33C1DFE6AC1F.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

TCP: NameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{2945AF62-7F0B-47EE-A3D5-48CA19E0A6A6} : DHCPNameServer = 7.254.254.254
TCP: Interfaces\{5A4A9D58-C521-4502-AFAF-33B04E09874A} : NameServer = 8.8.8.8,8.8.8.4
TCP: Interfaces\{5A4A9D58-C521-4502-AFAF-33B04E09874A} : DHCPNameServer = 8.8.8.8 8.8.4.4
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - C:\ElsaWin\bin\wiprot.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
SEH: UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [ActivControl] C:\Program Files\Activ Software\ActivDriver\ActivControl2x64.exe
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\f7e3qo4l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/news/|http://forums.clublupo.co.uk/|http://scottishvag.com/|http://forum.dirtystancing.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Scott\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-6-7 204288]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-5-24 365568]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-10-31 2756944]
R2 HP Power Assistant Service;HP Power Assistant Service;C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-3-11 107576]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 LcSvrAdm;ELSA Administration Service;C:\ElsaWin\bin\LcSvrAdm.exe [2011-12-6 240640]
R2 LcSvrDba;ELSA DBA Server;C:\ElsaWin\bin\LcSvrDba.exe [2011-12-6 392704]
R2 LcSvrHis;ELSA Historie Server;C:\ElsaWin\bin\LcSvrHis.exe [2011-12-6 335360]
R2 LcSvrPAS;ELSA PASS Server;C:\ElsaWin\bin\LcSvrPas.exe [2011-12-6 477696]
R2 LcSvrSaz;ELSA APOSpro Server;C:\ElsaWin\bin\LcSvrSaz.exe [2011-12-6 373248]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2013-10-11 377104]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-12 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-12 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 139616]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-10-9 635416]
R2 RIM MDNS;RIM MDNS;C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [2013-4-26 389632]
R2 RIM Tunnel Service;BlackBerry Link Communication Manager;C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [2013-4-26 1235456]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-2-22 5087584]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-3-22 93072]
R2 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2011-7-29 741624]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-12-25 46136]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-6-7 114704]
R3 BlackBerry Device Manager;BlackBerry Device Manager;C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [2013-2-6 585728]
R3 LcSvrAuf;ELSA Auftragsverwaltungs Service;C:\ElsaWin\bin\LcSvrAuf.exe [2011-12-6 1321472]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-3-20 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-8-12 366600]
R3 rimvndis;BlackBerry Virtual Private Network;C:\Windows\System32\drivers\rimvndis6_AMD64.sys [2013-4-26 17920]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2011-5-30 31232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
S3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\System32\drivers\BthAvrcp.sys [2009-8-13 29184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-7 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 usbrndis6;USB RNDIS6 Adapter;C:\Windows\System32\drivers\usb80236.sys [2013-3-20 19968]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-30 1255736]
.
=============== Created Last 30 ================
.
2013-11-15 03:36:01    10280728    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AC7E6D98-0BF7-4602-8416-E7BAF0EC1FCA}\mpengine.dll
2013-11-14 03:35:28    10280728    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-13 01:43:23    1474048    ----a-w-    C:\Windows\System32\crypt32.dll
2013-11-11 08:31:16    965000    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5197C511-F667-4BD5-853E-BCF955DE62FE}\gapaengine.dll
2013-11-07 08:17:41    --------    d-----w-    C:\Program Files (x86)\VyprVPN
2013-11-05 03:16:48    --------    d-----w-    C:\ProgramData\Oracle
2013-11-05 03:16:04    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-05 03:15:32    --------    d-----w-    C:\Program Files\CCleaner
2013-11-05 03:08:32    --------    d-----w-    C:\Program Files (x86)\VS Revo Group
2013-11-05 02:44:42    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-11-04 19:42:10    --------    d-----w-    C:\Windows\ERUNT
2013-11-04 19:30:21    --------    d-----w-    C:\Program Files (x86)\LogMeIn Hamachi
2013-11-04 19:22:00    --------    d-----w-    C:\AdwCleaner
2013-11-01 15:21:04    --------    d-----w-    C:\Users\Scott\AppData\Roaming\TS3Client
2013-11-01 15:20:55    --------    d-----w-    C:\Program Files (x86)\TeamSpeak 3 Client
2013-10-30 23:42:59    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2013-10-30 23:42:59    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2013-10-30 23:42:59    52736    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2013-10-30 23:42:59    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2013-10-30 23:42:59    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2013-10-30 23:42:59    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2013-10-30 23:42:59    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2013-10-25 18:29:04    --------    d-----w-    C:\Users\Scott\AppData\Local\Castle Story Prototype
2013-10-24 07:22:26    --------    d-----w-    C:\Program Files\iPod
2013-10-24 07:22:25    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-24 07:22:25    --------    d-----w-    C:\Program Files\iTunes
2013-10-24 07:22:25    --------    d-----w-    C:\Program Files (x86)\iTunes
.
==================== Find3M  ====================
.
2013-10-12 08:45:20    2241536    ----a-w-    C:\Windows\System32\wininet.dll
2013-10-12 08:43:37    3959808    ----a-w-    C:\Windows\System32\jscript9.dll
2013-10-12 08:43:32    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-10-12 08:43:32    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-10-12 07:03:50    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-10-12 07:02:33    2877952    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-10-12 07:02:29    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-10-12 07:02:29    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-10-12 06:35:26    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-10-12 06:08:58    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-10-12 05:44:38    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-12 05:15:39    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-10-12 02:30:42    830464    ----a-w-    C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21    859648    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08    324096    ----a-w-    C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08    656896    ----a-w-    C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25    216576    ----a-w-    C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-09 13:37:29    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-09 13:37:28    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-05 19:57:25    1168384    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31    190464    ----a-w-    C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17    197120    ----a-w-    C:\Windows\System32\credui.dll
2013-10-04 02:24:49    1930752    ----a-w-    C:\Windows\System32\authui.dll
2013-10-04 01:58:50    152576    ----a-w-    C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25    168960    ----a-w-    C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00    1796096    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-10-03 02:23:48    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40    154560    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33    28672    ----a-w-    C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33    135680    ----a-w-    C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01    28160    ----a-w-    C:\Windows\System32\secur32.dll
2013-09-25 02:22:59    340992    ----a-w-    C:\Windows\System32\schannel.dll
2013-09-25 02:21:50    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07    1447936    ----a-w-    C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24    247808    ----a-w-    C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24    30720    ----a-w-    C:\Windows\System32\lsass.exe
2013-09-08 02:30:37    1903552    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14    327168    ----a-w-    C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58    231424    ----a-w-    C:\Windows\SysWow64\mswsock.dll
2013-08-29 02:17:48    5549504    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28    243712    ----a-w-    C:\Windows\System32\wow64.dll
2013-08-29 02:16:14    859648    ----a-w-    C:\Windows\System32\tdh.dll
2013-08-29 02:13:28    878080    ----a-w-    C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45    3969472    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45    3914176    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16    619520    ----a-w-    C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17    640512    ----a-w-    C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2013-08-29 01:29:52    33280    ----a-w-    C:\Windows\System32\drivers\usbser.sys
2013-08-29 00:49:53    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06    3155968    ----a-w-    C:\Windows\System32\win32k.sys
2013-08-28 01:12:33    461312    ----a-w-    C:\Windows\System32\scavengeui.dll
.
============= FINISH: 20:22:10.76 ===============
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 29/12/2010 16:03:46
System Uptime: 13/11/2013 03:23:12 (65 hours ago)
.
Motherboard: PEGATRON CORPORATION |  | 2A99
Processor: AMD Athlon II X2 220 Processor | CPU 1 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 919 GiB total, 453.894 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.469 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 290 GiB total, 265.044 GiB free.
G: is Removable
H: is Removable
X: is NetworkDisk (NTFS) - 1834 GiB total, 1118.333 GiB free.
Z: is NetworkDisk (NTFS) - 916 GiB total, 191.568 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP505: 07/11/2013 08:31:45 - Windows Update
RP506: 09/11/2013 16:59:40 - Installed DirectX
RP507: 11/11/2013 08:30:23 - Windows Update
RP508: 13/11/2013 03:00:17 - Windows Update
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
A-Train 8
ActivDriver x64 v5.7
ActiveCheck component for HP Active Support Library
ActivInspire Core Resources (ENU) v1
ActivInspire Help (GBR) v1
ActivInspire HWR Resources (ENU) v1
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
Agatha Christie - Death on the Nile
AMD APP SDK Runtime
AMD Fuel
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI AVIVO64 Codecs
ATI Catalyst Install Manager
Battle.net
BBSAK
Bejeweled 2 Deluxe
BlackBerry Link
Bonjour
Borderlands 2
Brütal Legend
Bridge Constructor
Castle Story
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Desktop
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CertificateInstaller
Chuzzle Deluxe
Constructor
Contrast
ConvertXtoDVD 4.1.19.365
CPUID CPU-Z 1.66.1
Cyberduck 11008 (4.3.1)
CyberLink DVD Suite Deluxe
D3DX10
Dead Island
Demolition, Inc.
Diablo III
Diablo III Beta
DigiGuide TV Guide
Diner Dash 2 Restaurant Rescue
DiRT 3
Dota 2
Dungeon Defenders
DUNGEONS - Steam Special Edition
DVD Menu Pack for HP MediaSmart Video
ElsaWin
Endless Space
Eufloria
EVE Online (remove only)
Evil Genius
FATE
Free Window Registry Repair
Game Dev Tycoon
GIMP 2.6.11
Google SketchUp 8
Hearthstone
HiJackThis
HLSW v1.4.0.2
HP Advisor
HP Customer Experience Enhancements
HP Game Console
HP Games
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart SmartMenu
HP MediaSmart Video
HP Odometer
HP Power Assistant
HP Setup
HP Support Assistant
HP Support Information
HP Update
HP Vision Hardware Diagnostics
HPAsset component for HP Active Support Library
HydraVision
iCloud
Insaniquarium Deluxe
iTunes
Java 7 Update 25 (64-bit)
Java 7 Update 45
Java Auto Updater
Jewel Quest II
Jewel Quest Solitaire
John Deere Drive Green
Junk Mail filter update
Kerbal Space Program
King Arthur's Gold
Kobo
LabelPrint
LEGO Batman 2
LEGO Batman: The Videogame
Lego Star Wars Saga
LightScribe Applications
LightScribe System Software
LogMeIn Hamachi
Magic Desktop
MailWasherPro
Malwarebytes Anti-Malware version 1.75.0.1300
Marvel Heroes
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0 Refresh
MicroVolts
Mihov Picture Downloader 1.5 (remove only)
MobileMe Control Panel
Monday Night Combat
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 25.0 (x86 en-GB)
Mozilla Maintenance Service
MSVC80_x64_v2
MSVC80_x86_v2
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mumble 1.2.4
MusicStation
Natural Selection 2
Naval Warfare
NetBeans IDE 7.1.1
NewsLeecher v6.3 Beta 1
Nokia Connectivity Cable Driver
Norton Online Backup
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA PhysX
OnLive
OpenAL
OpenTTD 1.1.3
OpenVPN 2.2.2
Origin
Pando Media Booster
PDF Complete Special Edition
Penguins!
PhotoNow!
PictureMover
Plants vs. Zombies
PlayReady PC Runtime amd64
Polar Bowler
Portal 2
Power2Go
PowerDirector
PressReader
Primal Carnage
Print To Go 2.0
Prison Architect
Q.U.B.E.
QuickPar 0.9
QuickTime
Rapture3D 2.4.8 Game
Realtek High Definition Audio Driver
Recovery Manager
Red Faction: Guerrilla
Revo Uninstaller 1.95
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
Sins of a Solar Empire: Rebellion
Skype™ 6.5
SlimDX Runtime .NET 4.0 x86 (January 2012)
SlimDX SDK (September 2011)
Slingo Deluxe
Star Wars: The Old Republic
StarCraft II
StarCraft II Beta
Steam
Supreme Commander
Supreme Commander: Forged Alliance
Team Fortress 2
TeamSpeak 3 Client
TeamViewer 8
Terraria
The Cave
The Sims 3
The Sims™ 3
The Sims™ 3 Supernatural
TightVNC 2.0.2
TomTom HOME
TomTom HOME Visual Studio Merge Modules
Torchlight II
Tower Wars
TrackMania² Valley
TreeSize Personal V5.5.5
Trillian
Tunngle beta
Unity Web Player
Unreal Development Kit: 2012-10
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Ventrilo Client for Windows x64
Vessel
Virtual Villagers - The Secret City
VLC media player 2.0.8
VyprVPN
Wedding Dash
Windows 7 Upgrade Advisor
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.00 beta 4 (64-bit)
World of Warcraft
XPS2OneNote
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
13/11/2013 03:22:17, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk2\DR2.
09/11/2013 17:07:43, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
09/11/2013 17:07:43, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 

Link to post
Share on other sites
dz1981

dz1981

Posted
  • Author
Posted

Yes Malwarebytes blocked that ip, as requested below

 

2013/11/15 16:58:30 GMT    SHINEY    Scott    IP-BLOCK    195.59.55.138 (Type: outgoing, Port: 65309, Process: firefox.exe)
2013/11/15 17:53:29 GMT    SHINEY    Scott    MESSAGE    Executing scheduled update:  Daily
2013/11/15 17:53:46 GMT    SHINEY    Scott    MESSAGE    Scheduled update executed successfully:  database updated from version v2013.11.14.07 to version v2013.11.15.07
2013/11/15 17:53:46 GMT    SHINEY    Scott    MESSAGE    Starting database refresh
2013/11/15 17:53:46 GMT    SHINEY    Scott    MESSAGE    Stopping IP protection
2013/11/15 17:53:46 GMT    SHINEY    Scott    MESSAGE    IP Protection stopped successfully
2013/11/15 17:53:59 GMT    SHINEY    Scott    MESSAGE    Database refreshed successfully
2013/11/15 17:53:59 GMT    SHINEY    Scott    MESSAGE    Starting IP protection
2013/11/15 17:54:07 GMT    SHINEY    Scott    MESSAGE    IP Protection started successfully
2013/11/15 18:14:49 GMT    SHINEY    Scott    IP-BLOCK    195.59.55.195 (Type: outgoing, Port: 50194, Process: firefox.exe)
2013/11/15 20:18:56 GMT    SHINEY    Scott    IP-BLOCK    195.59.55.138 (Type: outgoing, Port: 52469, Process: firefox.exe)
2013/11/15 22:51:59 GMT    SHINEY    Scott    IP-BLOCK    93.114.45.13 (Type: incoming, Port: 51341, Process: skypekit.exe)

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Hello and post-32477-1261866970.gif

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Kevin...

Link to post
Share on other sites
dz1981

dz1981

Posted
  • Author
Posted

Hi Kevin,

 

There is 3 logs as it got stuck for 4 hours on the first pass

 

Cheers

 

Scott

 

# AdwCleaner v3.012 - Report created 16/11/2013 at 04:10:53
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Scott - SHINEY
# Running from : C:\Users\Scott\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Mozilla Firefox v25.0.1 (en-GB)

[ File : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\f7e3qo4l.default\prefs.js ]
 

# AdwCleaner v3.012 - Report created 16/11/2013 at 08:12:43
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Scott - SHINEY
# Running from : C:\Users\Scott\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Mozilla Firefox v25.0.1 (en-GB)

[ File : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\f7e3qo4l.default\prefs.js ]

 

# AdwCleaner v3.012 - Report created 16/11/2013 at 08:25:34
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Scott - SHINEY
# Running from : C:\Users\Scott\Downloads\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Mozilla Firefox v25.0.1 (en-GB)

[ File : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\f7e3qo4l.default\prefs.js ]
 

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Link to post
Share on other sites
dz1981

dz1981

Posted
  • Author
Posted

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013
Ran by Scott (administrator) on SHINEY on 16-11-2013 10:10:57
Running from C:\Users\Scott\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Promethean Technologies Group Ltd) C:\Program Files\Activ Software\ActivDriver\ActivControl2x64.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Volkswagen AG) C:\ElsaWin\bin\LcSvrAdm.exe
(Volkswagen AG) C:\ElsaWin\bin\LcSvrDba.exe
() C:\Program Files\Activ Software\ActivDriver\activmgr.exe
(Volkswagen AG) C:\ElsaWin\bin\LcSvrHis.exe
(Volkswagen AG) C:\ElsaWin\bin\LcSvrPas.exe
(Volkswagen AG) C:\ElsaWin\bin\LcSvrSaz.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Program Files (x86)\CodePlex\XPS2OneNote\XPS2OneNote.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Firetrust) C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\DigiGuide TV Guide\digiguide.exe
(Cerulean Studios) C:\Program Files (x86)\Trillian\trillian.exe
(GoldenFrog) C:\Program Files (x86)\VyprVPN\VyprVPN.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Tunngle.net GmbH) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
(Research In Motion) C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.Helper.exe
(Research In Motion) C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.AutoUpdate.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
() c:\program files (x86)\trillian\plugins\skypekit.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Volkswagen AG) C:\ElsaWin\bin\LcSvrAuf.exe
(Microsoft Corporation) C:\PROGRA~2\MICROS~1\Office12\OUTLOOK.EXE
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
() C:\Program Files (x86)\NewsLeecher\newsLeecher.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [smartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [568888 2010-01-18] ()
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
HKLM\...\Run: [ActivControl] - C:\Program Files\Activ Software\ActivDriver\ActivControl2x64.exe [1241456 2012-02-24] (Promethean Technologies Group Ltd)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [TomTomHOME.exe] - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-03-22] (TomTom)
HKCU\...\Run: [RIMDeviceManager] - C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe [2433552 2013-04-30] (Research In Motion Limited)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKCU\...\Run: [EADM] - C:\Program Files (x86)\Origin\Origin.exe [3456080 2013-07-17] (Electronic Arts)
HKCU\...\Run: [blackBerryLink.exe] - C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe [3786768 2013-05-06] (Research In Motion)
HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-14] (PDF Complete Inc)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2010-04-25] (EasyBits Software AS)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [RIM PeerManager] - C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4265472 2013-04-26] (Research In Motion Limited)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-19] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2349392 2013-11-11] (LogMeIn Inc.)
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DigiGuide TV Guide.lnk
ShortcutTarget: DigiGuide TV Guide.lnk -> C:\Program Files (x86)\DigiGuide TV Guide\Client.exe (GipsyMedia Limited)
Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasherPro.lnk
ShortcutTarget: MailWasherPro.lnk -> C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe (Firetrust)
Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk
ShortcutTarget: Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VyprVPN.lnk
ShortcutTarget: VyprVPN.lnk -> C:\Windows\system32\schtasks.exe (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {DBCE78D8-A862-41D6-8B01-256120A6DA53} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {B6D5E382-63D6-4F97-BE76-F7B8D14081DC} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {E26584B6-90FC-4978-B0EF-AE993E8E2A52} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {B6D5E382-63D6-4F97-BE76-F7B8D14081DC} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - {B6D5E382-63D6-4F97-BE76-F7B8D14081DC} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - C:\ElsaWin\bin\wiprot.dll (TODO: <Company name>)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [52920 2010-10-09] (EasyBits Software Corp.)
ShellExecuteHooks-x32:  - UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} -  No File [ ]
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{5A4A9D58-C521-4502-AFAF-33B04E09874A}: [NameServer]8.8.8.8,8.8.8.4

FireFox:
========
FF ProfilePath: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\f7e3qo4l.default

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @onlive.com/OnLiveGameClientDetector,version=1.0.0 - C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Scott\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: British English Dictionary - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\f7e3qo4l.default\Extensions\en-GB@dictionaries.addons.mozilla.org
FF Extension: ffe_ff3ff4 - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\f7e3qo4l.default\Extensions\ffe_ff3ff4@game-point.net.xpi
FF Extension: Adblock Plus - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\f7e3qo4l.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-05-24] (Advanced Micro Devices, Inc.)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-02-06] (Research In Motion Limited)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-03-05] ()
R2 HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [107576 2010-03-11] ()
R2 LcSvrAdm; C:\ElsaWin\bin\LcSvrAdm.exe [240640 2011-12-06] (Volkswagen AG)
R3 LcSvrAuf; C:\ElsaWin\bin\LcSvrAuf.exe [1321472 2011-12-06] (Volkswagen AG)
R2 LcSvrDba; C:\ElsaWin\bin\LcSvrDba.exe [392704 2011-12-06] (Volkswagen AG)
R2 LcSvrHis; C:\ElsaWin\bin\LcSvrHis.exe [335360 2011-12-06] (Volkswagen AG)
R2 LcSvrPAS; C:\ElsaWin\bin\LcSvrPas.exe [477696 2011-12-06] (Volkswagen AG)
R2 LcSvrSaz; C:\ElsaWin\bin\LcSvrSaz.exe [373248 2011-12-06] (Volkswagen AG)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-03-05] ()
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] ()
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-14] (PDF Complete Inc)
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [389632 2013-04-26] (Apple Inc.)
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1235456 2013-04-26] (Research In Motion Limited)
R2 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [741624 2011-07-15] (Tunngle.net GmbH)

==================== Drivers (Whitelisted) ====================

S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2013-04-26] (Research in Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 AODDriver4.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 cpuz135; \??\C:\Users\Scott\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [x]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [x]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [x]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-16 10:10 - 2013-11-16 10:11 - 00021956 _____ C:\Users\Scott\Downloads\FRST.txt
2013-11-16 10:10 - 2013-11-16 10:10 - 00000000 ____D C:\FRST
2013-11-16 10:09 - 2013-11-16 10:10 - 01957794 _____ (Farbar) C:\Users\Scott\Downloads\FRST64.exe
2013-11-16 08:08 - 2013-11-16 08:08 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-11-16 04:07 - 2013-11-16 04:08 - 01085542 _____ C:\Users\Scott\Downloads\AdwCleaner(1).exe
2013-11-15 20:51 - 2013-11-16 04:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 20:20 - 2013-11-15 20:20 - 00688992 ____R (Swearware) C:\Users\Scott\Downloads\dds.com
2013-11-13 03:06 - 2013-10-12 08:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 03:06 - 2013-10-12 08:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 03:06 - 2013-10-12 08:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 03:06 - 2013-10-12 08:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 03:06 - 2013-10-12 08:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 03:06 - 2013-10-12 08:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 03:06 - 2013-10-12 08:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 03:06 - 2013-10-12 08:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 03:06 - 2013-10-12 08:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 03:06 - 2013-10-12 08:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 03:06 - 2013-10-12 08:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 03:06 - 2013-10-12 08:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 03:06 - 2013-10-12 08:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 03:06 - 2013-10-12 08:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 03:06 - 2013-10-12 07:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 03:06 - 2013-10-12 07:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 03:06 - 2013-10-12 07:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 03:06 - 2013-10-12 07:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 03:06 - 2013-10-12 07:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 03:06 - 2013-10-12 07:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 03:06 - 2013-10-12 07:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 03:06 - 2013-10-12 07:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 03:06 - 2013-10-12 07:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 03:06 - 2013-10-12 07:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 03:06 - 2013-10-12 07:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 03:06 - 2013-10-12 07:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 03:06 - 2013-10-12 07:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 03:06 - 2013-10-12 06:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 03:06 - 2013-10-12 06:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 03:06 - 2013-10-12 05:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 03:06 - 2013-10-12 05:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 01:43 - 2013-10-12 02:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 01:43 - 2013-10-12 02:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 01:43 - 2013-10-12 02:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 01:43 - 2013-10-12 02:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 01:43 - 2013-10-12 02:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 01:43 - 2013-10-05 20:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 01:43 - 2013-10-05 19:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 01:43 - 2013-10-04 02:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 01:43 - 2013-10-04 02:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 01:43 - 2013-10-04 02:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 01:43 - 2013-10-04 01:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 01:43 - 2013-10-04 01:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 01:43 - 2013-10-04 01:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 01:43 - 2013-10-03 02:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 01:43 - 2013-10-03 02:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 01:43 - 2013-09-28 01:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 01:43 - 2013-09-25 02:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 01:43 - 2013-09-25 02:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 01:43 - 2013-09-25 02:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 01:43 - 2013-09-25 02:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 01:43 - 2013-09-25 02:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 01:43 - 2013-09-25 02:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 01:43 - 2013-09-25 02:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 01:43 - 2013-09-25 02:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 01:43 - 2013-09-25 01:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 01:43 - 2013-09-25 01:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 01:43 - 2013-09-25 01:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 01:43 - 2013-09-25 01:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 01:43 - 2013-09-25 01:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 01:43 - 2013-07-04 12:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-09 17:00 - 2013-11-09 17:01 - 00017513 _____ C:\Windows\DirectX.log
2013-11-09 15:20 - 2013-11-09 15:20 - 00000219 _____ C:\Users\Scott\Desktop\Dota 2.url
2013-11-08 21:21 - 2013-11-08 21:21 - 00000222 _____ C:\Users\Scott\Desktop\King Arthur's Gold.url
2013-11-08 18:17 - 2013-11-08 18:17 - 00000756 _____ C:\Users\Scott\Desktop\JRT.txt
2013-11-08 18:07 - 2013-11-05 22:36 - 01034531 _____ (Thisisu) C:\Users\Scott\Desktop\JRT_NEW.exe
2013-11-07 22:58 - 2013-11-06 23:42 - 00005376 _____ C:\Users\Scott\Downloads\README.txt
2013-11-07 22:46 - 2009-11-29 00:00 - 00021333 _____ C:\Users\Scott\Downloads\style.css
2013-11-07 22:45 - 2011-08-24 23:00 - 00000879 _____ C:\Users\Scott\Downloads\preview.css
2013-11-07 22:15 - 2013-11-07 22:15 - 03646168 _____ C:\Users\Scott\Downloads\drupal-7.23.zip
2013-11-07 08:18 - 2013-11-07 08:18 - 00000546 _____ C:\Windows\PFRO.log
2013-11-07 08:17 - 2013-11-16 03:27 - 00000000 ____D C:\Program Files (x86)\VyprVPN
2013-11-07 08:17 - 2013-11-07 08:17 - 00002678 _____ C:\Windows\System32\Tasks\VyprVPN
2013-11-07 08:15 - 2013-11-07 08:15 - 16243680 _____ (Golden Frog, Inc.) C:\Users\Scott\Downloads\VyprVPN-1.4.1-installer.exe
2013-11-06 23:17 - 2013-11-06 23:17 - 05257489 _____ C:\Users\Scott\Downloads\db57276.sql
2013-11-06 23:12 - 2013-11-06 23:24 - 00000000 ____D C:\Users\Scott\Desktop\yhsbackup
2013-11-06 22:51 - 2013-11-06 02:10 - 00005708 _____ C:\Users\Scott\Downloads\awstats112013.txt
2013-11-06 22:48 - 2013-11-06 22:46 - 00011831 _____ C:\Users\Scott\Downloads\access.log.2013.11.06
2013-11-06 22:47 - 2013-11-05 22:02 - 00001290 _____ C:\Users\Scott\Downloads\access.log.2013.11.05.gz
2013-11-06 22:45 - 2011-08-24 23:00 - 00026250 _____ C:\Users\Scott\Downloads\update.php
2013-11-06 22:40 - 2013-11-16 08:26 - 00000280 _____ C:\Windows\setupact.log
2013-11-06 22:40 - 2013-11-06 22:40 - 00000000 _____ C:\Windows\setuperr.log
2013-11-05 17:51 - 2013-11-05 17:51 - 00001192 _____ C:\Users\Scott\Desktop\MailWasherPro.lnk
2013-11-05 17:51 - 2013-11-05 17:51 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firetrust
2013-11-05 03:17 - 2013-11-05 03:17 - 00358254 _____ C:\Users\Scott\Documents\cc_20131105_031728.reg
2013-11-05 03:16 - 2013-11-05 03:16 - 00000000 ____D C:\ProgramData\Oracle
2013-11-05 03:16 - 2013-11-05 03:15 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-05 03:16 - 2013-11-05 03:15 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-05 03:16 - 2013-11-05 03:15 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-11-05 03:16 - 2013-11-05 03:15 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-05 03:15 - 2013-11-05 03:15 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-11-05 03:15 - 2013-11-05 03:15 - 00000000 ____D C:\Program Files\CCleaner
2013-11-05 03:09 - 2013-11-05 03:09 - 04429440 _____ (Piriform Ltd) C:\Users\Scott\Downloads\ccsetup404.exe
2013-11-05 03:08 - 2013-11-05 03:08 - 10031224 _____ (VS Revo Group                                               ) C:\Users\Scott\Downloads\RevoUninProSetup.exe
2013-11-05 03:08 - 2013-11-05 03:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Scott\Downloads\revosetup.exe
2013-11-05 03:08 - 2013-11-05 03:08 - 00001270 _____ C:\Users\Scott\Desktop\Revo Uninstaller.lnk
2013-11-05 03:08 - 2013-11-05 03:08 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-11-05 02:44 - 2013-11-05 02:44 - 00022645 _____ C:\ComboFix.txt
2013-11-04 20:29 - 2013-11-04 20:29 - 00000000 _____ C:\Windows\SysWOW64\out.txt
2013-11-04 19:42 - 2013-11-04 19:42 - 00000000 ____D C:\Windows\ERUNT
2013-11-04 19:40 - 2013-11-04 19:40 - 01033335 _____ (Thisisu) C:\Users\Scott\Downloads\JRT.exe
2013-11-04 19:22 - 2013-11-16 08:37 - 00000000 ____D C:\AdwCleaner
2013-11-04 19:21 - 2013-11-04 19:20 - 01073258 _____ C:\Users\Scott\Downloads\AdwCleaner.exe
2013-11-03 22:08 - 2013-11-03 22:08 - 01463328 _____ C:\Users\Scott\Downloads\SystemCheck_enGB(1).exe
2013-11-03 16:55 - 2013-11-03 16:55 - 00000222 _____ C:\Users\Scott\Desktop\A-Train 8.url
2013-11-01 18:25 - 2013-11-01 18:25 - 01111552 _____ C:\Users\Scott\Downloads\TerrariViewer.exe
2013-11-01 15:21 - 2013-11-15 20:18 - 00000000 ____D C:\Users\Scott\AppData\Roaming\TS3Client
2013-11-01 15:21 - 2013-11-01 15:21 - 00001168 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2013-11-01 15:20 - 2013-11-01 15:21 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2013-11-01 15:20 - 2013-11-01 15:20 - 30095736 _____ (TeamSpeak Systems GmbH) C:\Users\Scott\Downloads\TeamSpeak3-Client-win32-3.0.13.1.exe
2013-10-30 23:44 - 2013-10-30 23:44 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Scott\Downloads\tdsskiller.exe
2013-10-30 23:42 - 2013-09-04 12:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-30 23:42 - 2013-09-04 12:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-30 23:42 - 2013-09-04 12:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-30 23:42 - 2013-09-04 12:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-30 23:42 - 2013-09-04 12:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-30 23:42 - 2013-09-04 12:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-30 23:42 - 2013-09-04 12:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-26 11:40 - 2013-10-26 11:40 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-10-25 18:29 - 2013-10-25 18:29 - 00000000 ____D C:\Users\Scott\AppData\Local\Castle Story Prototype
2013-10-25 18:20 - 2013-10-25 18:20 - 00000194 _____ C:\Users\Scott\Desktop\Castle Story.url
2013-10-24 07:23 - 2013-10-24 07:23 - 00001785 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-24 07:22 - 2013-10-24 07:23 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-24 07:22 - 2013-10-24 07:23 - 00000000 ____D C:\Program Files\iTunes
2013-10-24 07:22 - 2013-10-24 07:23 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-24 07:22 - 2013-10-24 07:22 - 00000000 ____D C:\Program Files\iPod
2013-10-21 00:51 - 2013-10-21 00:51 - 03590800 _____ (                                                            ) C:\Users\Scott\Downloads\nl_setup_beta(3).exe
2013-10-20 12:00 - 2013-10-20 12:00 - 00000222 _____ C:\Users\Scott\Desktop\Bridge Constructor.url
2013-10-20 11:56 - 2013-10-20 11:56 - 00000222 _____ C:\Users\Scott\Desktop\Contrast.url

==================== One Month Modified Files and Folders =======

2013-11-16 10:12 - 2011-12-12 22:20 - 00000000 ____D C:\Users\Scott\AppData\Local\534F2523-F66E-47AB-BDA2-A72F9D456459.aplzod
2013-11-16 10:11 - 2013-11-16 10:10 - 00021956 _____ C:\Users\Scott\Downloads\FRST.txt
2013-11-16 10:10 - 2013-11-16 10:10 - 00000000 ____D C:\FRST
2013-11-16 10:10 - 2013-11-16 10:09 - 01957794 _____ (Farbar) C:\Users\Scott\Downloads\FRST64.exe
2013-11-16 09:54 - 2010-10-09 03:27 - 01938570 _____ C:\Windows\WindowsUpdate.log
2013-11-16 09:37 - 2012-04-07 19:27 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-16 09:09 - 2010-12-30 01:58 - 00000000 _____ C:\Windows\SysWOW64\info.log
2013-11-16 08:37 - 2013-11-04 19:22 - 00000000 ____D C:\AdwCleaner
2013-11-16 08:36 - 2009-07-14 04:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-16 08:36 - 2009-07-14 04:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-16 08:30 - 2011-07-27 21:06 - 00000000 ____D C:\Users\Scott\AppData\Local\LogMeIn Hamachi
2013-11-16 08:29 - 2011-12-24 14:22 - 00000000 ____D C:\Program Files (x86)\Origin
2013-11-16 08:26 - 2013-11-06 22:40 - 00000280 _____ C:\Windows\setupact.log
2013-11-16 08:26 - 2012-12-02 18:38 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Skype
2013-11-16 08:26 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-16 08:25 - 2010-12-31 10:28 - 00000000 ____D C:\Program Files (x86)\DigiGuide TV Guide
2013-11-16 08:08 - 2013-11-16 08:08 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-11-16 08:05 - 2012-04-24 22:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-16 04:08 - 2013-11-16 04:07 - 01085542 _____ C:\Users\Scott\Downloads\AdwCleaner(1).exe
2013-11-16 04:06 - 2013-11-15 20:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-16 03:27 - 2013-11-07 08:17 - 00000000 ____D C:\Program Files (x86)\VyprVPN
2013-11-15 20:20 - 2013-11-15 20:20 - 00688992 ____R (Swearware) C:\Users\Scott\Downloads\dds.com
2013-11-15 20:18 - 2013-11-01 15:21 - 00000000 ____D C:\Users\Scott\AppData\Roaming\TS3Client
2013-11-15 19:00 - 2010-12-29 16:23 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-13 03:58 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2013-11-13 03:25 - 2010-12-29 16:44 - 00000000 ____D C:\Program Files (x86)\Trillian
2013-11-13 03:24 - 2009-07-24 19:22 - 00000000 ____D C:\Windows\Panther
2013-11-13 03:05 - 2010-12-29 17:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-13 03:04 - 2013-08-15 02:05 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 03:01 - 2010-12-30 00:10 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 02:21 - 2011-01-15 10:53 - 00000000 ____D C:\Users\Scott\AppData\Roaming\vlc
2013-11-10 00:20 - 2010-10-09 03:27 - 00000000 ____D C:\ProgramData\PDFC
2013-11-09 17:01 - 2013-11-09 17:00 - 00017513 _____ C:\Windows\DirectX.log
2013-11-09 15:20 - 2013-11-09 15:20 - 00000219 _____ C:\Users\Scott\Desktop\Dota 2.url
2013-11-08 22:21 - 2009-07-14 05:13 - 00783270 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-08 21:21 - 2013-11-08 21:21 - 00000222 _____ C:\Users\Scott\Desktop\King Arthur's Gold.url
2013-11-08 18:17 - 2013-11-08 18:17 - 00000756 _____ C:\Users\Scott\Desktop\JRT.txt
2013-11-07 22:15 - 2013-11-07 22:15 - 03646168 _____ C:\Users\Scott\Downloads\drupal-7.23.zip
2013-11-07 08:18 - 2013-11-07 08:18 - 00000546 _____ C:\Windows\PFRO.log
2013-11-07 08:17 - 2013-11-07 08:17 - 00002678 _____ C:\Windows\System32\Tasks\VyprVPN
2013-11-07 08:17 - 2010-12-29 16:11 - 00000000 ___RD C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-07 08:15 - 2013-11-07 08:15 - 16243680 _____ (Golden Frog, Inc.) C:\Users\Scott\Downloads\VyprVPN-1.4.1-installer.exe
2013-11-06 23:42 - 2013-11-07 22:58 - 00005376 _____ C:\Users\Scott\Downloads\README.txt
2013-11-06 23:24 - 2013-11-06 23:12 - 00000000 ____D C:\Users\Scott\Desktop\yhsbackup
2013-11-06 23:17 - 2013-11-06 23:17 - 05257489 _____ C:\Users\Scott\Downloads\db57276.sql
2013-11-06 22:46 - 2013-11-06 22:48 - 00011831 _____ C:\Users\Scott\Downloads\access.log.2013.11.06
2013-11-06 22:40 - 2013-11-06 22:40 - 00000000 _____ C:\Windows\setuperr.log
2013-11-06 02:10 - 2013-11-06 22:51 - 00005708 _____ C:\Users\Scott\Downloads\awstats112013.txt
2013-11-05 22:36 - 2013-11-08 18:07 - 01034531 _____ (Thisisu) C:\Users\Scott\Desktop\JRT_NEW.exe
2013-11-05 22:02 - 2013-11-06 22:47 - 00001290 _____ C:\Users\Scott\Downloads\access.log.2013.11.05.gz
2013-11-05 17:51 - 2013-11-05 17:51 - 00001192 _____ C:\Users\Scott\Desktop\MailWasherPro.lnk
2013-11-05 17:51 - 2013-11-05 17:51 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firetrust
2013-11-05 17:51 - 2010-12-30 11:12 - 00000090 _____ C:\Windows\SysWOW64\ftm31.dat
2013-11-05 17:50 - 2010-12-30 11:12 - 00000000 ____D C:\ProgramData\Firetrust
2013-11-05 03:19 - 2011-06-30 21:37 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Vso
2013-11-05 03:18 - 2013-02-08 18:08 - 00000000 ____D C:\Windows\Minidump
2013-11-05 03:18 - 2011-02-13 15:11 - 00000000 ____D C:\Users\Scott\Tracing
2013-11-05 03:18 - 2011-01-30 10:48 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Ventrilo
2013-11-05 03:17 - 2013-11-05 03:17 - 00358254 _____ C:\Users\Scott\Documents\cc_20131105_031728.reg
2013-11-05 03:16 - 2013-11-05 03:16 - 00000000 ____D C:\ProgramData\Oracle
2013-11-05 03:15 - 2013-11-05 03:16 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-05 03:15 - 2013-11-05 03:16 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-05 03:15 - 2013-11-05 03:16 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-11-05 03:15 - 2013-11-05 03:16 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-05 03:15 - 2013-11-05 03:15 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-11-05 03:15 - 2013-11-05 03:15 - 00000000 ____D C:\Program Files\CCleaner
2013-11-05 03:15 - 2011-02-13 18:25 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-05 03:09 - 2013-11-05 03:09 - 04429440 _____ (Piriform Ltd) C:\Users\Scott\Downloads\ccsetup404.exe
2013-11-05 03:08 - 2013-11-05 03:08 - 10031224 _____ (VS Revo Group                                               ) C:\Users\Scott\Downloads\RevoUninProSetup.exe
2013-11-05 03:08 - 2013-11-05 03:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Scott\Downloads\revosetup.exe
2013-11-05 03:08 - 2013-11-05 03:08 - 00001270 _____ C:\Users\Scott\Desktop\Revo Uninstaller.lnk
2013-11-05 03:08 - 2013-11-05 03:08 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-11-05 02:44 - 2013-11-05 02:44 - 00022645 _____ C:\ComboFix.txt
2013-11-05 02:44 - 2012-06-18 21:11 - 00000000 ____D C:\Qoobox
2013-11-05 02:42 - 2009-07-14 02:34 - 00000215 _____ C:\Windows\system.ini
2013-11-04 20:29 - 2013-11-04 20:29 - 00000000 _____ C:\Windows\SysWOW64\out.txt
2013-11-04 20:28 - 2012-06-18 21:10 - 00000000 ____D C:\Windows\erdnt
2013-11-04 20:09 - 2012-06-18 21:09 - 05143677 ____R (Swearware) C:\Users\Scott\Downloads\ComboFix.exe
2013-11-04 19:42 - 2013-11-04 19:42 - 00000000 ____D C:\Windows\ERUNT
2013-11-04 19:40 - 2013-11-04 19:40 - 01033335 _____ (Thisisu) C:\Users\Scott\Downloads\JRT.exe
2013-11-04 19:25 - 2010-12-29 16:03 - 00000000 ____D C:\Users\Scott
2013-11-04 19:20 - 2013-11-04 19:21 - 01073258 _____ C:\Users\Scott\Downloads\AdwCleaner.exe
2013-11-04 17:09 - 2013-08-28 21:30 - 00000000 ____D C:\Users\Scott\AppData\Local\Battle.net
2013-11-03 22:24 - 2013-09-04 21:19 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2013-11-03 22:08 - 2013-11-03 22:08 - 01463328 _____ C:\Users\Scott\Downloads\SystemCheck_enGB(1).exe
2013-11-03 16:55 - 2013-11-03 16:55 - 00000222 _____ C:\Users\Scott\Desktop\A-Train 8.url
2013-11-03 14:55 - 2013-08-18 11:55 - 00217600 _____ C:\Users\Scott\Desktop\jacob-1.17-M2-x64.dll
2013-11-03 14:55 - 2013-08-18 11:55 - 00176128 _____ C:\Users\Scott\Desktop\jacob-1.17-M2-x86.dll
2013-11-01 18:25 - 2013-11-01 18:25 - 01111552 _____ C:\Users\Scott\Downloads\TerrariViewer.exe
2013-11-01 15:21 - 2013-11-01 15:21 - 00001168 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2013-11-01 15:21 - 2013-11-01 15:20 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2013-11-01 15:20 - 2013-11-01 15:20 - 30095736 _____ (TeamSpeak Systems GmbH) C:\Users\Scott\Downloads\TeamSpeak3-Client-win32-3.0.13.1.exe
2013-10-30 23:44 - 2013-10-30 23:44 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Scott\Downloads\tdsskiller.exe
2013-10-30 23:40 - 2013-03-24 22:50 - 00002652 _____ C:\Users\Scott\Desktop\Rkill.txt
2013-10-30 22:58 - 2013-05-06 17:48 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Erem
2013-10-30 22:58 - 2013-05-06 17:42 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Lumo
2013-10-28 19:59 - 2013-03-20 23:18 - 00078838 _____ C:\Users\Scott\Documents\team.pptx
2013-10-26 11:40 - 2013-10-26 11:40 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-10-26 11:40 - 2010-10-09 03:29 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-10-26 09:41 - 2013-08-28 21:29 - 00000000 ____D C:\Program Files (x86)\Battle.net
2013-10-25 18:29 - 2013-10-25 18:29 - 00000000 ____D C:\Users\Scott\AppData\Local\Castle Story Prototype
2013-10-25 18:20 - 2013-10-25 18:20 - 00000194 _____ C:\Users\Scott\Desktop\Castle Story.url
2013-10-24 07:23 - 2013-10-24 07:23 - 00001785 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-24 07:23 - 2013-10-24 07:22 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-24 07:23 - 2013-10-24 07:22 - 00000000 ____D C:\Program Files\iTunes
2013-10-24 07:23 - 2013-10-24 07:22 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-24 07:22 - 2013-10-24 07:22 - 00000000 ____D C:\Program Files\iPod
2013-10-22 06:50 - 2011-01-06 07:50 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForScott
2013-10-22 06:50 - 2011-01-06 07:50 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForScott.job
2013-10-21 00:52 - 2010-12-29 18:24 - 00000000 ____D C:\Users\Scott\AppData\Roaming\NewsLeecher
2013-10-21 00:51 - 2013-10-21 00:51 - 03590800 _____ (                                                            ) C:\Users\Scott\Downloads\nl_setup_beta(3).exe
2013-10-21 00:51 - 2011-03-05 08:10 - 00000979 _____ C:\Users\Scott\Desktop\NewsLeecher.lnk
2013-10-21 00:51 - 2010-12-29 17:59 - 00000000 ____D C:\Program Files (x86)\NewsLeecher
2013-10-20 12:00 - 2013-10-20 12:00 - 00000222 _____ C:\Users\Scott\Desktop\Bridge Constructor.url
2013-10-20 11:56 - 2013-10-20 11:56 - 00000222 _____ C:\Users\Scott\Desktop\Contrast.url

Some content of TEMP:
====================
C:\Users\Scott\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-10 00:57

==================== End Of Log ============================

 

 

Addition.txt

Link to post
Share on other sites
dz1981

dz1981

Posted
  • Author
Posted

ComboFix 13-11-16.01 - Scott 16/11/2013  17:45:41.4.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.10239.7301 [GMT 0:00]
Running from: c:\users\Scott\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-16 to 2013-11-16  )))))))))))))))))))))))))))))))
.
.
2013-11-16 17:54 . 2013-11-16 17:54    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-11-16 17:54 . 2013-11-16 17:54    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-11-16 17:54 . 2013-11-16 17:54    --------    d-----w-    c:\users\Administrator\AppData\Local\temp
2013-11-16 10:10 . 2013-11-16 10:10    --------    d-----w-    C:\FRST
2013-11-16 08:08 . 2013-11-16 08:08    --------    d-----w-    c:\program files (x86)\LogMeIn Hamachi
2013-11-16 03:36 . 2013-10-14 07:12    10280728    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{928B844F-6521-4DB1-B6CB-B72C4AB68282}\mpengine.dll
2013-11-15 03:36 . 2013-10-14 07:12    10280728    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-13 01:43 . 2013-10-05 20:25    1474048    ----a-w-    c:\windows\system32\crypt32.dll
2013-11-11 08:31 . 2013-10-18 02:13    965000    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5197C511-F667-4BD5-853E-BCF955DE62FE}\gapaengine.dll
2013-11-07 08:17 . 2013-11-16 03:27    --------    d-----w-    c:\program files (x86)\VyprVPN
2013-11-05 03:16 . 2013-11-05 03:16    --------    d-----w-    c:\programdata\Oracle
2013-11-05 03:16 . 2013-11-05 03:16    --------    d-----w-    c:\program files (x86)\Common Files\Java
2013-11-05 03:16 . 2013-11-05 03:15    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-05 03:15 . 2013-11-05 03:15    --------    d-----w-    c:\program files\CCleaner
2013-11-05 03:08 . 2013-11-05 03:08    --------    d-----w-    c:\program files (x86)\VS Revo Group
2013-11-04 19:42 . 2013-11-04 19:42    --------    d-----w-    c:\windows\ERUNT
2013-11-04 19:22 . 2013-11-16 08:37    --------    d-----w-    C:\AdwCleaner
2013-11-01 15:21 . 2013-11-16 17:39    --------    d-----w-    c:\users\Scott\AppData\Roaming\TS3Client
2013-11-01 15:20 . 2013-11-01 15:21    --------    d-----w-    c:\program files (x86)\TeamSpeak 3 Client
2013-10-30 23:42 . 2013-09-04 12:12    343040    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2013-10-30 23:42 . 2013-09-04 12:11    325120    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-10-30 23:42 . 2013-09-04 12:11    99840    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-10-30 23:42 . 2013-09-04 12:11    52736    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2013-10-30 23:42 . 2013-09-04 12:11    30720    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2013-10-30 23:42 . 2013-09-04 12:11    25600    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2013-10-30 23:42 . 2013-09-04 12:11    7808    ----a-w-    c:\windows\system32\drivers\usbd.sys
2013-10-26 11:40 . 2013-10-26 11:40    --------    d-----w-    c:\program files (x86)\AGEIA Technologies
2013-10-25 18:29 . 2013-10-25 18:29    --------    d-----w-    c:\users\Scott\AppData\Local\Castle Story Prototype
2013-10-24 07:22 . 2013-10-24 07:22    --------    d-----w-    c:\program files\iPod
2013-10-24 07:22 . 2013-10-24 07:23    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-24 07:22 . 2013-10-24 07:23    --------    d-----w-    c:\program files\iTunes
2013-10-24 07:22 . 2013-10-24 07:23    --------    d-----w-    c:\program files (x86)\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-13 03:01 . 2010-12-30 00:10    82896128    ----a-w-    c:\windows\system32\MRT.exe
2013-10-18 02:13 . 2011-03-26 03:26    965000    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-10-09 13:37 . 2012-04-07 19:27    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-09 13:37 . 2011-05-29 17:41    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-08 02:30 . 2013-10-09 22:32    1903552    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-09 22:32    327168    ----a-w-    c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-09 22:32    231424    ----a-w-    c:\windows\SysWow64\mswsock.dll
2013-08-29 02:17 . 2013-10-09 22:32    5549504    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-09 22:32    1732032    ----a-w-    c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-09 22:32    243712    ----a-w-    c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-09 22:32    859648    ----a-w-    c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-09 22:32    878080    ----a-w-    c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-09 22:32    3969472    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-09 22:32    3914176    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-09 22:32    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-09 22:32    1292192    ----a-w-    c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-09 22:32    619520    ----a-w-    c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-09 22:32    640512    ----a-w-    c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-09 22:32    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-08-29 01:29 . 2013-10-09 22:32    33280    ----a-w-    c:\windows\system32\drivers\usbser.sys
2013-08-29 00:49 . 2013-10-09 22:32    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-09 22:32    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-09 22:32    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-09 22:32    2048    ----a-w-    c:\windows\SysWow64\user.exe
2013-08-28 01:21 . 2013-10-09 22:32    3155968    ----a-w-    c:\windows\system32\win32k.sys
2013-08-28 01:12 . 2013-10-09 22:31    461312    ----a-w-    c:\windows\system32\scavengeui.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2013-03-22 248208]
"RIMDeviceManager"="c:\program files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" [2013-04-30 2433552]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-09-14 59720]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-09-15 59720]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2013-07-17 3456080]
"BlackBerryLink.exe"="c:\program files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe" [2013-05-06 3786768]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-03 19603048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-04-25 61112]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2013-01-17 267792]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"RIM PeerManager"="c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe" [2013-04-26 4265472]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-19 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-11-11 2349392]
.
c:\users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DigiGuide TV Guide.lnk - c:\program files (x86)\DigiGuide TV Guide\Client.exe [2010-12-31 570416]
MailWasherPro.lnk - c:\program files (x86)\Firetrust\MailWasher\MailWasherPro.exe -nosplash [2013-10-31 5759816]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
Trillian.lnk - c:\program files (x86)\Trillian\trillian.exe [2013-10-21 2622832]
VyprVPN.lnk - c:\windows\system32\schtasks.exe /Run /TN "VyprVPN" [2011-3-7 285696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
XPS2OneNote.lnk - c:\windows\Installer\{6DD7A9DA-6732-47D2-8362-6A12BD0EA053}\_FBB2488C0F33C1DFE6AC1F.exe [2013-4-7 10134]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys;c:\windows\SYSNATIVE\DRIVERS\BthAvrcp.sys [x]
R3 cpuz135;cpuz135;c:\users\Scott\AppData\Local\Temp\cpuz135\cpuz135_x64.sys;c:\users\Scott\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 LcSvrAdm;ELSA Administration Service;c:\elsawin\bin\LcSvrAdm.exe;c:\elsawin\bin\LcSvrAdm.exe [x]
S2 LcSvrDba;ELSA DBA Server;c:\elsawin\bin\LcSvrDba.exe;c:\elsawin\bin\LcSvrDba.exe [x]
S2 LcSvrHis;ELSA Historie Server;c:\elsawin\bin\LcSvrHis.exe;c:\elsawin\bin\LcSvrHis.exe [x]
S2 LcSvrPAS;ELSA PASS Server;c:\elsawin\bin\LcSvrPas.exe;c:\elsawin\bin\LcSvrPas.exe [x]
S2 LcSvrSaz;ELSA APOSpro Server;c:\elsawin\bin\LcSvrSaz.exe;c:\elsawin\bin\LcSvrSaz.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 RIM MDNS;RIM MDNS;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [x]
S2 RIM Tunnel Service;BlackBerry Link Communication Manager;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe service;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe service [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BlackBerry Device Manager;BlackBerry Device Manager;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x]
S3 LcSvrAuf;ELSA Auftragsverwaltungs Service;c:\elsawin\bin\LcSvrAuf.exe;c:\elsawin\bin\LcSvrAuf.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 rimvndis;BlackBerry Virtual Private Network;c:\windows\system32\Drivers\rimvndis6_AMD64.sys;c:\windows\SYSNATIVE\Drivers\rimvndis6_AMD64.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 13:37]
.
2013-10-22 c:\windows\Tasks\HPCeeScheduleForScott.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 1356240]
"ActivControl"="c:\program files\Activ Software\ActivDriver\ActivControl2x64.exe" [2012-02-24 1241456]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{5A4A9D58-C521-4502-AFAF-33B04E09874A}: NameServer = 8.8.8.8,8.8.8.4
FF - ProfilePath - c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\f7e3qo4l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/news/|http://forums.clublupo.co.uk/|http://scottishvag.com/|http://forum.dirtystancing.com/
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2790033728-3790598544-3680624830-1001\Software\SecuROM\License information*]
"datasecu"=hex:85,01,1d,35,a1,86,49,93,0f,72,b2,f8,7b,4e,4b,64,b7,e7,9c,a4,52,
   0d,57,5f,e9,c1,2b,9b,a2,fa,91,4d,f7,4f,26,53,1b,be,1c,3e,51,56,ba,d0,66,06,\
"rkeysecu"=hex:61,e8,9f,0b,c4,91,71,6a,60,ce,c4,91,cb,31,f4,3d
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-16  17:57:23
ComboFix-quarantined-files.txt  2013-11-16 17:57
ComboFix2.txt  2013-11-04 20:36
ComboFix3.txt  2012-06-18 21:59
.
Pre-Run: 494,403,637,248 bytes free
Post-Run: 494,126,637,056 bytes free
.
- - End Of File - - 05CD120099DAD36E0257D73FA7F36EF3
45D8FFACBD22D41138B75EB199BAFF99
 

Link to post
Share on other sites
dz1981

dz1981

Posted
  • Author
Posted

Here you go

 

ComboFix-quarantined-files

 

2013-11-05 02:33:13 . 2013-11-05 02:33:13                0 ----a-w-  C:\Qoobox\Quarantine\catchme.txt
2013-11-04 20:36:20 . 2013-11-04 20:36:20              512 ----a-w-  C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2013-11-04 20:35:12 . 2013-11-04 20:35:12              377 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47}.reg.dat
2013-11-04 20:34:58 . 2013-11-04 20:34:58              173 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-MobileDocuments.reg.dat
2013-07-01 15:37:23 . 2013-07-01 15:37:47               85 ----a-w-  C:\Qoobox\Quarantine\C\Windows\wininit.ini.vir
2013-03-13 08:04:28 . 2013-03-13 08:04:28              422 ----a-w-  C:\Qoobox\Quarantine\C\Program Files (x86)\WinPcap\install.log.vir
2013-02-26 22:31:40 . 2013-02-26 22:31:57            1,057 ----a-w-  C:\Qoobox\Quarantine\C\Users\Scott\AppData\Roaming\vso_ts_preview.xml.vir
2013-02-01 18:28:21 . 2013-02-01 18:28:21                0 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\out.txt.vir
2012-10-09 05:43:21 . 2012-10-09 05:43:21                0 ----a-w-  C:\Qoobox\Quarantine\C\Users\Scott\AppData\Roaming\Nyof\gagee.aks.vir
2012-08-02 09:56:00 . 2012-08-02 09:56:00                0 ----a-w-  C:\Qoobox\Quarantine\C\Users\Scott\AppData\Roaming\Ypwy\apzoz.icu.vir
2012-06-18 21:58:30 . 2012-06-18 21:58:30            3,936 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1}.reg.dat
2012-06-18 21:58:30 . 2012-06-18 21:58:30              900 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-EasyBits Magic Desktop.reg.dat
2012-06-18 21:58:02 . 2012-06-18 21:58:02              171 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440}.reg.dat
2012-06-18 21:38:09 . 2007-11-07 08:03:18          562,688 ----a-w-  C:\Qoobox\Quarantine\F\install.exe.vir
2012-06-18 21:25:40 . 2013-11-16 17:52:00           17,376 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-06-18 21:14:52 . 2013-11-16 17:42:59              204 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2011-03-07 00:39:35 . 2010-11-20 12:17:48           26,624 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\userinit.exe.vir
2009-10-20 18:19:48 . 2009-10-20 18:19:48          117,264 ----a-w-  C:\Qoobox\Quarantine\C\Program Files (x86)\WinPcap\rpcapd.exe.vir
2007-11-07 08:03:18 . 2007-11-07 08:03:18          562,688 ----a-w-  C:\Qoobox\Quarantine\C\Install.exe.vir
 

ComboFix2

 

ComboFix 13-11-03.02 - Scott 04/11/2013  20:14:57.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.10239.7815 [GMT 0:00]
Running from: c:\users\Scott\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\WinPCap
c:\program files (x86)\WinPCap\install.log
c:\program files (x86)\WinPCap\rpcapd.exe
c:\users\Scott\AppData\Roaming\Nyof
c:\users\Scott\AppData\Roaming\Nyof\gagee.aks
c:\users\Scott\AppData\Roaming\vso_ts_preview.xml
c:\windows\SysWow64\out.txt
c:\windows\wininit.ini
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache86\userinit.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-04 to 2013-11-04  )))))))))))))))))))))))))))))))
.
.
2013-11-04 20:25 . 2013-11-04 20:25    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-11-04 20:25 . 2013-11-04 20:25    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-11-04 20:25 . 2013-11-04 20:25    --------    d-----w-    c:\users\Administrator\AppData\Local\temp
2013-11-04 19:42 . 2013-11-04 19:42    --------    d-----w-    c:\windows\ERUNT
2013-11-04 19:30 . 2013-11-04 19:30    --------    d-----w-    c:\program files (x86)\LogMeIn Hamachi
2013-11-04 19:22 . 2013-11-04 19:24    --------    d-----w-    C:\AdwCleaner
2013-11-04 03:29 . 2013-10-14 07:12    10280728    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{16D98539-3247-407E-9554-7FAD63B7BAAC}\mpengine.dll
2013-11-03 03:30 . 2013-10-14 07:12    10280728    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-01 15:21 . 2013-11-04 19:40    --------    d-----w-    c:\users\Scott\AppData\Roaming\TS3Client
2013-11-01 15:20 . 2013-11-01 15:21    --------    d-----w-    c:\program files (x86)\TeamSpeak 3 Client
2013-10-30 23:42 . 2013-09-04 12:12    343040    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2013-10-30 23:42 . 2013-09-04 12:11    325120    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-10-30 23:42 . 2013-09-04 12:11    99840    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-10-30 23:42 . 2013-09-04 12:11    52736    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2013-10-30 23:42 . 2013-09-04 12:11    30720    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2013-10-30 23:42 . 2013-09-04 12:11    25600    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2013-10-30 23:42 . 2013-09-04 12:11    7808    ----a-w-    c:\windows\system32\drivers\usbd.sys
2013-10-26 11:40 . 2013-10-26 11:40    --------    d-----w-    c:\program files (x86)\AGEIA Technologies
2013-10-25 18:29 . 2013-10-25 18:29    --------    d-----w-    c:\users\Scott\AppData\Local\Castle Story Prototype
2013-10-24 07:22 . 2013-10-24 07:22    --------    d-----w-    c:\program files\iPod
2013-10-24 07:22 . 2013-10-24 07:23    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-24 07:22 . 2013-10-24 07:23    --------    d-----w-    c:\program files\iTunes
2013-10-24 07:22 . 2013-10-24 07:23    --------    d-----w-    c:\program files (x86)\iTunes
2013-10-18 02:13 . 2013-10-18 02:13    965000    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0BD346D5-FE62-4710-ACA6-5D2CDCD82840}\gapaengine.dll
2013-10-10 02:16 . 2013-09-22 22:54    19252224    ----a-w-    c:\windows\system32\mshtml.dll
2013-10-09 22:31 . 2013-08-01 12:09    983488    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-10-09 22:31 . 2013-07-20 10:33    102608    ----a-w-    c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 22:31 . 2013-07-20 10:33    124112    ----a-w-    c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 22:31 . 2013-08-28 01:12    461312    ----a-w-    c:\windows\system32\scavengeui.dll
2013-10-06 08:15 . 2013-10-06 08:15    --------    d-----w-    c:\users\Scott\AppData\Local\LogMeIn
2013-10-06 08:15 . 2013-10-06 08:15    --------    d-----w-    c:\programdata\LogMeIn
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-10 02:06 . 2010-12-30 00:10    80541720    ----a-w-    c:\windows\system32\MRT.exe
2013-10-09 13:37 . 2012-04-07 19:27    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-09 13:37 . 2011-05-29 17:41    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-06 14:27 . 2011-03-26 03:26    965008    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-29 01:48 . 2013-10-09 22:32    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-10-30 1820584]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2013-03-22 248208]
"RIMDeviceManager"="c:\program files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" [2013-04-30 2433552]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-09-14 59720]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-09-15 59720]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2013-07-17 3456080]
"BlackBerryLink.exe"="c:\program files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe" [2013-05-06 3786768]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-03 19603048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-04-25 61112]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2013-01-17 267792]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"RIM PeerManager"="c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe" [2013-04-26 4265472]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-19 152392]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-10-31 2349392]
.
c:\users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DigiGuide TV Guide.lnk - c:\program files (x86)\DigiGuide TV Guide\Client.exe [2010-12-31 570416]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
Trillian.lnk - c:\program files (x86)\Trillian\trillian.exe [2013-10-21 2622832]
VyprVPN.lnk - c:\windows\system32\schtasks.exe /Run /TN "VyprVPN" [2011-3-7 285696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
XPS2OneNote.lnk - c:\windows\Installer\{6DD7A9DA-6732-47D2-8362-6A12BD0EA053}\_FBB2488C0F33C1DFE6AC1F.exe [2013-4-7 10134]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
R2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys;c:\windows\SYSNATIVE\DRIVERS\BthAvrcp.sys [x]
R3 cpuz135;cpuz135;c:\users\Scott\AppData\Local\Temp\cpuz135\cpuz135_x64.sys;c:\users\Scott\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 LcSvrAdm;ELSA Administration Service;c:\elsawin\bin\LcSvrAdm.exe;c:\elsawin\bin\LcSvrAdm.exe [x]
S2 LcSvrDba;ELSA DBA Server;c:\elsawin\bin\LcSvrDba.exe;c:\elsawin\bin\LcSvrDba.exe [x]
S2 LcSvrHis;ELSA Historie Server;c:\elsawin\bin\LcSvrHis.exe;c:\elsawin\bin\LcSvrHis.exe [x]
S2 LcSvrPAS;ELSA PASS Server;c:\elsawin\bin\LcSvrPas.exe;c:\elsawin\bin\LcSvrPas.exe [x]
S2 LcSvrSaz;ELSA APOSpro Server;c:\elsawin\bin\LcSvrSaz.exe;c:\elsawin\bin\LcSvrSaz.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 RIM MDNS;RIM MDNS;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [x]
S2 RIM Tunnel Service;BlackBerry Link Communication Manager;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe service;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe service [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BlackBerry Device Manager;BlackBerry Device Manager;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x]
S3 LcSvrAuf;ELSA Auftragsverwaltungs Service;c:\elsawin\bin\LcSvrAuf.exe;c:\elsawin\bin\LcSvrAuf.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 rimvndis;BlackBerry Virtual Private Network;c:\windows\system32\Drivers\rimvndis6_AMD64.sys;c:\windows\SYSNATIVE\Drivers\rimvndis6_AMD64.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 13:37]
.
2013-10-22 c:\windows\Tasks\HPCeeScheduleForScott.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 1356240]
"ActivControl"="c:\program files\Activ Software\ActivDriver\ActivControl2x64.exe" [2012-02-24 1241456]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{5A4A9D58-C521-4502-AFAF-33B04E09874A}: NameServer = 8.8.8.8,8.8.8.4
FF - ProfilePath - c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\f7e3qo4l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/news/|http://forums.clublupo.co.uk/|http://scottishvag.com/|http://forum.dirtystancing.com/
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-HijackThis - f:\program files\Trend Micro\HijackThis\HijackThis.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2790033728-3790598544-3680624830-1001\Software\SecuROM\License information*]
"datasecu"=hex:85,01,1d,35,a1,86,49,93,0f,72,b2,f8,7b,4e,4b,64,b7,e7,9c,a4,52,
   0d,57,5f,e9,c1,2b,9b,a2,fa,91,4d,f7,4f,26,53,1b,be,1c,3e,51,56,ba,d0,66,06,\
"rkeysecu"=hex:61,e8,9f,0b,c4,91,71,6a,60,ce,c4,91,cb,31,f4,3d
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Activ Software\ActivDriver\activmgr.exe
c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files (x86)\DigiGuide TV Guide\digiguide.exe
c:\program files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
c:\program files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.Helper.exe
c:\program files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.AutoUpdate.exe
c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
c:\program files (x86)\trillian\plugins\skypekit.exe
.
**************************************************************************
.
Completion time: 2013-11-04  20:36:19 - machine was rebooted
ComboFix-quarantined-files.txt  2013-11-04 20:36
ComboFix2.txt  2012-06-18 21:59
.
Pre-Run: 479,814,201,344 bytes free
Post-Run: 480,367,005,696 bytes free
.
- - End Of File - - 64A349C9757FC5D224EA014092943358
45D8FFACBD22D41138B75EB199BAFF99
 

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Thanks for those logs, now I see the infection that CF fix for you. OK continue:

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware,

Make sure that everything is checked, and click Remove Selected on any found items.

Post the produced log
 

Next,

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system, this scan can take several hours to complete, it is very thorough and well worth running, please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add/on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
  • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

 

If threats were found

 

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

 

close program

 

copy and paste the report here

 

Next,

 

Download Security Check by screen317 from either of the following:
http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
Save it to your Desktop. (If your security alerts either accept the alert, or turn the security off while Secuirity Check runs)
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 

 

Let me see those logs, also tell me if you have any remaining issues or concerns...

 

Thanks,

 

Kevin

Link to post
Share on other sites
dz1981

dz1981

Posted
  • Author
Posted

Hi Kevin,

 

Below are the requested logs, currently i don't have any other issues or concerns (but i'm glad it found something on one of the scans).  Ive reenabled the protection module on malwarebytes as well as windows defender and microsoft security essentials

 

Cheers

 

Scott

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.16.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Scott :: SHINEY [administrator]

Protection: Disabled

16/11/2013 20:31:52
mbam-log-2013-11-16 (20-31-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 235800
Time elapsed: 5 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

 

eset

 

C:\Users\Scott\Downloads\cbsidlm-tr1_13-Free_Window_Registry_Repair-ORG-10606555.exe    Win32/DownloadAdmin.G application    cleaned by deleting - quarantined
 

 

security check

 

 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
Microsoft Security Essentials   
  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 45  
 Adobe Flash Player 11.9.900.117  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox (25.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Malwarebytes Anti-Malware mbam.exe  
 Firetrust MailWasher MailWasherPro.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Continue.....

 

We need to remove FRST, first it is very important to deal with its Quarantine folder using FRST itself..

OK, we continue:

Delete any fixlist.txt file previously used, continue:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful. 

Next,

 

Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST

 

Next,

 

Uninstall adwcleaner.exe

 

  •  

     

  •   Please close all open programs and internet browsers.

     

     

  •   Double click on adwcleaner.exe to run the tool.

     

     

  •   Click on Uninstall

     

     

  • Click Yes at Would you like to Uninstall Adwcleaner

     

     

 

 

Next,

 

Remove Combofix now that we're done with it

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
    CF_Uninstall-1.jpg
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

The above procedure will delete the following:

  •    
  • ComboFix and its associated files and folders.
       
  • VundoFix backups, if present
       
  • The C:_OtMoveIt folder, if present
       
  • Reset the clock settings.
       
  • Hide file extensions, if required.
       
  • Hide System/Hidden files, if required.
       
  • Reset System Restore.


It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.
 

 

Next,

 

 

  •  

     

  • Download OTC by OldTimer from here http://oldtimer.geekstogo.com/OTC.exe or here http://www.itxassociates.com/OT-Tools/OTC.exe and save to your Desktop.

     

     

  • Double click OTC_Icon.jpg icon to start the program.

     

    If you are using Vista or Windows 7 accept UAC

     

  • Then Click the big CleanUp.jpg button.

     

     

  • You will get a prompt saying "Begining Cleanup Process". Please select Yes.

     

     

  • Restart your computer when prompted.

     

     

  • This will remove tools we have used and itself.

     

     

 

 

Any tools/logs remaining on the Desktop or downloads folder can be deleted.

 

Next,

 

Adobe Reader is outdated...

Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

 

Step 1 - Select your Operating System.

Step 2 - Select your Langauge.

Step 3 - Select latest version.

 

Untick the option for any security scanner or toolbar if offered.

 

Download and install.

 

Having the latest updates ensures there are no security vulnerabilities in your system.

 

Let me know if those steps complete, also tell me if there are any remaining issues or concerns.....

 

Kevin

fixlist.txt

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Do you mean another IP block? do you have the log?

 

Run the following:

 

download aswMBR from here: http://files.avast.com/files/rootkit-scanner/aswmbr.exe ( 4.5MB ) save to your desktop.

 

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up.  Please just wait a minute or two.
  • When asked if you'd like to “download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

 

Note: There will also be a file on your desktop named MBR.dat zip up that file and attach to your reply...

 

Next,

 

download RogueKiller from here:

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe  <- 32 bit version

http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe  <- 64 bit version

                                     

  • Make sure to get the correct version for your system.
  • Quit all running programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • The following EULA will appear, please select accept
     
    RKLicence.png
     
  • Ensure MBR scan, Check faked and AntiRootkit are checked
  • Select Scan
     
    RK1A.png
     
  • When the scan completes select Report, copy and paste that to your reply.
     
    RK2A.png
     
  • The log should be found in RKreport[?].txt on your Desktop
  • Exit/Close RogueKiller


     
    Post those logs
Link to post
Share on other sites
dz1981

dz1981

Posted
  • Author
Posted

Hi Kevin,

 

Logs as requested

 

Cheers

 

Scott

 

2013/11/18 17:52:14 GMT    SHINEY    Scott    MESSAGE    Executing scheduled update:  Daily
2013/11/18 17:52:22 GMT    SHINEY    Scott    MESSAGE    Scheduled update executed successfully:  database updated from version v2013.11.17.03 to version v2013.11.18.06
2013/11/18 17:52:22 GMT    SHINEY    Scott    MESSAGE    Starting database refresh
2013/11/18 17:52:22 GMT    SHINEY    Scott    MESSAGE    Stopping IP protection
2013/11/18 17:52:23 GMT    SHINEY    Scott    MESSAGE    IP Protection stopped successfully
2013/11/18 17:52:26 GMT    SHINEY    Scott    MESSAGE    Database refreshed successfully
2013/11/18 17:52:26 GMT    SHINEY    Scott    MESSAGE    Starting IP protection
2013/11/18 17:52:34 GMT    SHINEY    Scott    MESSAGE    IP Protection started successfully
2013/11/18 20:19:52 GMT    SHINEY    Scott    IP-BLOCK    195.59.55.138 (Type: outgoing, Port: 53885, Process: firefox.exe)
2013/11/18 20:20:40 GMT    SHINEY    Scott    MESSAGE    Starting database refresh
2013/11/18 20:20:40 GMT    SHINEY    Scott    MESSAGE    Stopping IP protection
2013/11/18 20:20:40 GMT    SHINEY    Scott    MESSAGE    IP Protection stopped successfully
2013/11/18 20:20:43 GMT    SHINEY    Scott    MESSAGE    Database refreshed successfully
2013/11/18 20:20:43 GMT    SHINEY    Scott    MESSAGE    Starting IP protection
2013/11/18 20:20:51 GMT    SHINEY    Scott    MESSAGE    IP Protection started successfully
 

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-11-18 21:41:54
-----------------------------
21:41:54.604    OS Version: Windows x64 6.1.7601 Service Pack 1
21:41:54.604    Number of processors: 2 586 0x603
21:41:54.605    ComputerName: SHINEY  UserName: Scott
21:42:00.385    Initialize success
21:43:51.526    AVAST engine defs: 13111801
21:44:00.625    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000062
21:44:00.641    Disk 0 Vendor: ST310005 HP35 Size: 953869MB BusType: 3
21:44:00.641    Disk 1  \Device\Harddisk1\DR1 -> \Device\00000063
21:44:00.641    Disk 1 Vendor: ST332082 3.AA Size: 305245MB BusType: 3
21:44:00.703    Disk 0 MBR read successfully
21:44:00.703    Disk 0 MBR scan
21:44:00.719    Disk 0 unknown MBR code
21:44:00.734    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
21:44:00.766    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       941205 MB offset 206848
21:44:00.828    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        12562 MB offset 1927794688
21:44:00.906    Disk 0 scanning C:\Windows\system32\drivers
21:44:15.528    Service scanning
21:44:48.132    Modules scanning
21:44:48.132    Disk 0 trace - called modules:
21:44:48.148    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
21:44:48.148    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008ecc2d0]
21:44:48.148    3 CLASSPNP.SYS[fffff8800166c43f] -> nt!IofCallDriver -> [0xfffffa8007edce40]
21:44:48.164    5 ACPI.sys[fffff88000f4d7a1] -> nt!IofCallDriver -> \Device\00000062[0xfffffa8008a0f550]
21:44:51.114    AVAST engine scan C:\Windows
21:44:57.153    AVAST engine scan C:\Windows\system32
21:53:05.682    AVAST engine scan C:\Windows\system32\drivers
21:53:38.687    AVAST engine scan C:\Users\Scott
23:18:55.561    AVAST engine scan C:\ProgramData
23:28:33.959    Scan finished successfully
02:03:39.942    Disk 0 MBR has been saved successfully to "C:\Users\Scott\Downloads\MBR.dat"
02:03:40.006    The log file has been saved successfully to "C:\Users\Scott\Downloads\aswMBR.txt"

RogueKiller V8.7.8 _x64_ [Nov 14 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Scott [Admin rights]
Mode : Scan -- Date : 11/19/2013 02:22:00
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[sUSP PATH][DLL] explorer.exe -- C:\ProgramData\ACTIV Software\ActivApplications\ActivFocusHook.dll [x] -> UNLOADED

¤¤¤ Registry Entries : 10 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST310005 28AS SCSI Disk Device +++++
--- User ---
[MBR] 12dd30c85b07cd1fc4cda3cab6131cb5
[bSP] 08c2881f6f7da4c1c1e981a0e0fcc726 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 941205 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1927794688 | Size: 12562 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST332082 0AS SCSI Disk Device +++++
--- User ---
[MBR] 43b7439340522235bbd5873aa434d9ee
[bSP] fae3aefd260a34ffe48a43c7f22fd8fa : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 8197 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16789504 | Size: 297046 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) Multi Flash Reader USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_11192013_022200.txt >>
RKreport[0]_S_11192013_020951.txt;RKreport[0]_S_11192013_021435.txt



 

MBR.zip

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

It could be software you have installed that will send back data, it is not being flagged as malicious. Do you have any other remaining issues or concerns?

 

This is the site I normally check out IP`s against, gives too many green ticks for the one you post to be troublesome...

 

http://www.tcpiputils.com/browse/ip-address

 

Can we call this one done, close out...

 

Kevin

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.