
Windows Firewall: Error Code 0x6D9


17 replies to this topic

#1 xmutiiny


Posted 05 October 2013 - 01:22 AM

I got this error ever since I got a virus (I managed to remove it), and I have been going through other forums on how to fix this error, but none of them have worked, so if you can help me, thank you.

Also, I'm not sure what log information I should provide, so could you tell me what information I should show you?




 


#2 CatByte



  • Malware Response Team

Posted 05 October 2013 - 04:59 PM

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 xmutiiny


Posted 05 October 2013 - 11:26 PM

When I did the scan, I didn't get Addition.txt.

 

Farbar Service Scanner Version: 13-09-2013
Ran by Joshua Ackland (administrator) on 06-10-2013 at 12:16:36
Running from "C:\Users\Joshua Ackland\Virus Removing"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall" registry value does not exist.


Other Services:
==============
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



#4 CatByte



  • Malware Response Team

Posted 06 October 2013 - 11:53 AM

You have posted a log from Farbar Service Scanner.

If you could, please download and run FRST.exe.



#5 xmutiiny


Posted 06 October 2013 - 12:02 PM

Wow, I'm an idiot. You said Farbar, so I thought it was just going to be the service scanner.

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Joshua Ackland (administrator) on JOSHUAWIN7 on 07-10-2013 00:56:18
Running from D:\Users\Joshua Ackland\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKCU\...\Run: [Xvid] - C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-18] ()
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4851760 2013-09-15] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
Startup: C:\Users\Joshua Ackland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Malwarebytes Anti-Malware.lnk
ShortcutTarget: Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
Startup: C:\Users\Joshua Ackland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Security Essentials.lnk
ShortcutTarget: Microsoft Security Essentials.lnk -> C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 61.9.226.33

FireFox:
========
FF ProfilePath: C:\Users\Joshua Ackland\AppData\Roaming\Mozilla\Firefox\Profiles\dj41ddmj.default
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Extension: English (Australian) Dictionary - C:\Users\Joshua Ackland\AppData\Roaming\Mozilla\Firefox\Profiles\dj41ddmj.default\Extensions\en-AU@dictionaries.addons.mozilla.org
FF Extension: No Name - C:\Users\Joshua Ackland\AppData\Roaming\Mozilla\Firefox\Profiles\dj41ddmj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Joshua Ackland\AppData\Roaming\Mozilla\Firefox\Profiles\dj41ddmj.default\Extensions\{DA1B0AB5-7DD3-4066-BC2A-64AABBDD0A8B}.xpi

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-09-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-22] (AVG Technologies CZ, s.r.o.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2013-07-18] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-07-18] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2013-09-12] ()
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [147768 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S4 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2012-05-03] (Trend Micro Inc.)
S1 ipyxkpko; \??\C:\Windows\system32\drivers\ipyxkpko.sys [x]
S1 kdkmqoox; \??\C:\Windows\system32\drivers\kdkmqoox.sys [x]
S1 lwbjiohn; \??\C:\Windows\system32\drivers\lwbjiohn.sys [x]
S1 swujapxl; \??\C:\Windows\system32\drivers\swujapxl.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-07 00:56 - 2013-10-07 00:56 - 00000000 ____D C:\FRST
2013-10-05 13:58 - 2013-10-05 13:58 - 00013232 _____ C:\Users\Joshua Ackland\Desktop\JRT.txt
2013-10-05 13:53 - 2013-10-05 13:53 - 00000000 ____D C:\Windows\ERUNT
2013-10-05 13:48 - 2013-10-05 13:49 - 00000000 ____D C:\AdwCleaner
2013-10-05 08:01 - 2013-10-05 08:01 - 00001789 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-05 08:00 - 2013-10-05 08:01 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-05 08:00 - 2013-10-05 08:01 - 00000000 ____D C:\Program Files\iTunes
2013-10-05 08:00 - 2013-10-05 08:01 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-05 08:00 - 2013-10-05 08:00 - 00000000 ____D C:\Program Files\iPod
2013-10-05 00:10 - 2013-10-05 00:10 - 00374376 _____ C:\Windows\Minidump\100513-32541-01.dmp
2013-10-04 17:05 - 2013-10-04 17:05 - 00000988 _____ C:\Users\Public\Desktop\Gyazo GIF.lnk
2013-10-02 18:30 - 2013-10-02 18:30 - 00000000 ____D C:\Users\Joshua Ackland\AppData\Roaming\EpicBot
2013-10-02 18:28 - 2013-10-02 18:28 - 00001875 _____ C:\Users\Public\Desktop\EpicBot.lnk
2013-10-02 18:28 - 2013-10-02 18:28 - 00000000 ____D C:\Program Files (x86)\EpicBot
2013-09-29 21:32 - 2013-09-29 21:32 - 00001302 _____ C:\Users\Joshua Ackland\Desktop\Blue Shift.LNK
2013-09-29 21:18 - 2013-09-29 21:18 - 00000000 ____D C:\Users\Joshua Ackland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sierra
2013-09-29 20:59 - 2013-09-29 20:59 - 00000000 ____D C:\Windows\solcache
2013-09-29 20:55 - 2013-09-29 21:25 - 00000000 ____D C:\Program Files (x86)\Sierra On-Line
2013-09-29 20:55 - 1998-10-30 23:21 - 01022976 _____ (Cendant Software) C:\Windows\SysWOW64\SierraNW.dll
2013-09-29 20:55 - 1998-10-30 23:21 - 00231936 _____ (Cendant Software) C:\Windows\SysWOW64\SNWValid.dll
2013-09-29 20:53 - 2013-09-29 21:38 - 00000495 _____ C:\Windows\SIERRA.INI
2013-09-29 20:53 - 1998-10-29 16:45 - 00306688 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2013-09-29 14:37 - 2013-09-29 14:37 - 00000000 ____D C:\Users\Joshua Ackland\AppData\Roaming\Atari
2013-09-29 14:36 - 2013-09-29 14:36 - 00001308 _____ C:\Users\Public\Desktop\RollerCoaster Tycoon 3 Platinum.lnk
2013-09-29 14:35 - 2013-09-29 14:35 - 00000000 ____D C:\Users\Joshua Ackland\AppData\Roaming\Leadertech
2013-09-29 13:44 - 2013-09-29 13:47 - 00000000 ____D C:\Users\Joshua Ackland\AppData\Roaming\RSBot
2013-09-27 19:45 - 2004-05-06 12:11 - 04289024 _____ C:\Windows\SysWOW64\trial_setup.msi
2013-09-27 19:45 - 2004-05-06 12:11 - 00040448 _____ C:\Windows\SysWOW64\trial_setup.exe
2013-09-27 19:45 - 2004-05-06 12:11 - 00000777 _____ C:\Windows\SysWOW64\trial_setup.ini
2013-09-27 18:47 - 2013-09-27 18:47 - 00001186 _____ C:\Users\Public\Desktop\The Sims™ 3 Pets.lnk
2013-09-27 17:42 - 2013-09-27 17:42 - 00000032 _____ C:\Users\Joshua Ackland\jagex_cl_runescape_LIVE.dat
2013-09-27 09:19 - 2013-09-27 09:19 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-09-27 09:19 - 2013-09-27 09:19 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-09-21 09:35 - 2013-09-21 09:35 - 00000000 ____D C:\Program Files\Bonjour
2013-09-21 09:35 - 2013-09-21 09:35 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-09-20 00:31 - 2013-09-20 00:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-20 00:28 - 2013-09-20 00:28 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2013-09-20 00:17 - 2013-09-20 00:54 - 00000000 ____D C:\ProgramData\COMODO
2013-09-20 00:16 - 2013-09-20 00:28 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-09-19 18:37 - 2013-09-19 18:39 - 00000124 _____ C:\Users\Joshua Ackland\set
2013-09-18 21:26 - 2013-09-18 21:26 - 00000000 ____D C:\Users\Joshua Ackland\AppData\Roaming\AVG
2013-09-18 21:23 - 2013-09-19 12:08 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-09-18 21:23 - 2013-09-18 22:25 - 00000000 ____D C:\ProgramData\AVG
2013-09-18 21:08 - 2013-09-18 21:08 - 00000000 ____D C:\Users\Joshua Ackland\AppData\Roaming\AVG2014
2013-09-18 21:07 - 2013-09-27 09:19 - 00000971 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-09-18 21:07 - 2013-09-18 21:07 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-09-18 21:07 - 2013-09-18 21:07 - 00000000 ____D C:\Users\Joshua Ackland\AppData\Roaming\TuneUp Software
2013-09-18 21:03 - 2013-09-18 21:07 - 00000000 ____D C:\ProgramData\AVG2014
2013-09-18 21:03 - 2013-09-18 21:03 - 00000000 ___HD C:\$AVG
2013-09-18 21:02 - 2013-09-19 12:43 - 00000000 ____D C:\Program Files (x86)\AVG
2013-09-18 20:55 - 2013-10-06 18:56 - 00000000 ____D C:\ProgramData\MFAData
2013-09-18 20:55 - 2013-09-18 23:56 - 00000000 ____D C:\Users\Joshua Ackland\AppData\Local\Avg2014
2013-09-18 20:55 - 2013-09-18 20:55 - 00000000 ____D C:\Users\Joshua Ackland\AppData\Local\MFAData
2013-09-18 20:54 - 2013-09-18 20:54 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-18 20:54 - 2013-09-18 20:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-18 20:54 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-18 20:46 - 2013-08-16 09:17 - 01748890 _____ C:\Users\Joshua Ackland\Localizable.strings
2013-09-18 20:42 - 2013-09-30 01:04 - 00007597 _____ C:\Users\Joshua Ackland\AppData\Local\Resmon.ResmonCfg
2013-09-18 20:25 - 2013-09-18 20:25 - 00000875 _____ C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2013-09-18 20:25 - 2013-09-18 20:25 - 00000000 ____D C:\Program Files\CPUID
2013-09-14 13:12 - 2013-09-14 13:12 - 00000214 _____ C:\tstamps.log
2013-09-14 10:48 - 2013-09-14 10:48 - 00001239 _____ C:\Users\Public\Desktop\Harry Potter and the Goblet of Fire™.lnk
2013-09-14 10:40 - 2013-09-14 10:40 - 00001330 _____ C:\Users\Public\Desktop\Harry Potter and the Prisoner of Azkaban™.lnk
2013-09-14 10:36 - 2013-09-14 10:36 - 00001277 _____ C:\Users\Public\Desktop\Harry Potter - Quidditch World Cup.lnk
2013-09-14 09:27 - 2013-09-14 09:27 - 00001082 _____ C:\Users\Joshua Ackland\Desktop\Play Star Wars Jedi Knight Jedi Academy.lnk
2013-09-14 09:21 - 2013-09-14 09:21 - 00001082 _____ C:\Users\Joshua Ackland\Desktop\Play Star Wars Jedi Knight II Jedi Outcast.lnk
2013-09-13 17:15 - 2013-09-13 17:15 - 00001186 _____ C:\Users\Public\Desktop\The Sims™ 3 Outdoor Living Stuff.lnk
2013-09-13 17:11 - 2013-09-13 17:11 - 00001186 _____ C:\Users\Public\Desktop\The Sims™ 3 Late Night.lnk
2013-09-13 17:00 - 2013-09-13 17:00 - 00001186 _____ C:\Users\Public\Desktop\The Sims™ 3 Fast Lane Stuff.lnk
2013-09-13 16:54 - 2013-09-13 16:54 - 00001186 _____ C:\Users\Public\Desktop\The Sims™ 3 Ambitions.lnk
2013-09-13 16:46 - 2013-09-13 16:46 - 00001168 _____ C:\Users\Public\Desktop\The Sims™ 3 High-End Loft Stuff.lnk
2013-09-13 16:39 - 2013-09-13 16:39 - 00001168 _____ C:\Users\Public\Desktop\The Sims™ 3 World Adventures.lnk
2013-09-13 12:47 - 2013-09-13 12:47 - 00001186 _____ C:\Users\Public\Desktop\The Sims™ 3 Town Life Stuff.lnk
2013-09-13 12:43 - 2013-09-13 12:43 - 00001186 _____ C:\Users\Public\Desktop\The Sims™ 3 Generations.lnk
2013-09-12 23:50 - 2013-08-10 13:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 23:50 - 2013-08-10 11:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 23:50 - 2013-08-10 11:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 23:50 - 2013-08-10 11:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 23:49 - 2013-08-10 13:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 23:49 - 2013-08-10 13:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 23:49 - 2013-08-10 13:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 23:49 - 2013-08-10 13:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 23:49 - 2013-08-10 13:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 23:49 - 2013-08-10 13:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 23:49 - 2013-08-10 13:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 23:49 - 2013-08-10 13:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 23:49 - 2013-08-10 13:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 23:49 - 2013-08-10 13:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 23:49 - 2013-08-10 13:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 23:49 - 2013-08-10 13:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 23:49 - 2013-08-10 13:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 23:49 - 2013-08-10 11:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 23:49 - 2013-08-10 11:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 23:49 - 2013-08-10 11:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 23:49 - 2013-08-10 11:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 23:49 - 2013-08-10 11:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 23:49 - 2013-08-10 11:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 23:49 - 2013-08-10 11:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 23:49 - 2013-08-10 11:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 23:49 - 2013-08-10 11:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 23:49 - 2013-08-10 11:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 23:49 - 2013-08-10 11:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 23:49 - 2013-08-10 11:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 23:49 - 2013-08-10 10:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 23:49 - 2013-08-10 10:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 23:41 - 2013-09-12 23:41 - 00270776 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-09-12 23:41 - 2013-09-12 23:41 - 00270776 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-09-12 23:41 - 2013-09-12 23:41 - 00075136 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-09-12 23:07 - 2013-08-02 10:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-12 23:07 - 2013-08-02 10:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-12 23:07 - 2013-08-02 10:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-12 23:07 - 2013-08-02 10:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-12 23:07 - 2013-08-02 10:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-12 23:07 - 2013-08-02 10:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 23:07 - 2013-08-02 10:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-12 23:07 - 2013-08-02 10:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 23:07 - 2013-08-02 10:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 23:07 - 2013-08-02 10:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-12 23:07 - 2013-08-02 10:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-12 23:07 - 2013-08-02 10:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 10:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 10:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 10:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 09:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-12 23:07 - 2013-08-02 09:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-12 23:07 - 2013-08-02 09:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-12 23:07 - 2013-08-02 09:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-12 23:07 - 2013-08-02 09:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-12 23:07 - 2013-08-02 09:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-12 23:07 - 2013-08-02 09:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-12 23:07 - 2013-08-02 09:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 09:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 09:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 23:07 - 2013-08-02 08:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-12 23:07 - 2013-08-02 08:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-12 23:07 - 2013-08-02 08:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-12 23:07 - 2013-08-02 08:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-12 23:07 - 2013-08-02 08:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-12 23:07 - 2013-08-02 08:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 08:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 08:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 23:07 - 2013-08-02 08:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 22:56 - 2013-07-26 10:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 22:56 - 2013-07-26 10:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 22:56 - 2013-07-26 09:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-12 22:56 - 2013-07-26 09:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-12 22:55 - 2013-08-05 10:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 22:46 - 2013-08-08 09:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 17:55 - 2013-10-04 17:50 - 00000000 ____D C:\Users\Joshua Ackland\AppData\Roaming\uTorrent
2013-09-12 17:31 - 2013-09-12 17:31 - 00000850 _____ C:\Users\Joshua Ackland\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-09-08 22:11 - 2013-09-08 22:11 - 00031544 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2013-09-08 17:47 - 2013-09-08 17:47 - 00000000 ____D C:\Users\Joshua Ackland\AppData\Roaming\WindSolutions
2013-09-08 17:43 - 2013-09-08 17:44 - 00000000 ____D C:\ProgramData\WindSolutions
2013-09-08 17:40 - 2013-09-08 17:46 - 00000000 ____D C:\Program Files (x86)\CopyTrans Suite
2013-09-08 17:16 - 2013-09-08 17:16 - 00001126 _____ C:\Users\Public\Desktop\The Sims™ 3.lnk
2013-09-08 16:46 - 2013-09-08 16:47 - 00001751 _____ C:\Users\Joshua Ackland\GFX.lnk
2013-09-08 16:43 - 2013-09-08 16:43 - 00000949 _____ C:\Users\Joshua Ackland\Youtube.lnk
2013-09-08 16:42 - 2013-09-08 16:42 - 00000969 _____ C:\Users\Joshua Ackland\StoneCold.lnk
2013-09-08 16:14 - 2013-09-13 00:45 - 00009612 _____ C:\Windows\system32\lvcoinst.log
2013-09-08 12:46 - 2013-09-08 16:14 - 00000000 ____D C:\Program Files\Common Files\logishrd
2013-09-08 12:37 - 2013-09-08 16:07 - 00000000 ____D C:\Program Files (x86)\IM Setup
2013-09-07 21:07 - 2013-09-08 16:07 - 00000000 ____D C:\Users\Joshua Ackland\AppData\Roaming\OBS
2013-09-07 21:06 - 2013-09-07 21:07 - 00000000 ____D C:\Program Files (x86)\OBS
2013-09-07 21:06 - 2013-09-07 21:06 - 00000000 ____D C:\Users\Joshua Ackland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software

==================== One Month Modified Files and Folders =======

2013-10-07 00:56 - 2013-10-07 00:56 - 00000000 ____D C:\FRST
2013-10-07 00:41 - 2012-04-07 13:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-07 00:31 - 2012-01-07 12:34 - 00000000 ____D C:\Users\Joshua Ackland\AppData\Roaming\Skype
2013-10-06 22:41 - 2011-04-14 11:32 - 01982051 _____ C:\Windows\WindowsUpdate.log
2013-10-06 18:56 - 2013-09-18 20:55 - 00000000 ____D C:\ProgramData\MFAData
2013-10-06 18:39 - 2013-03-13 22:27 - 00000000 ____D C:\Users\Joshua Ackland\AppData\Roaming\.minecraft
2013-10-06 12:16 - 2013-10-05 14:37 - 00000000 ____D C:\Users\Joshua Ackland\Virus Removing
2013-10-06 02:00 - 2012-01-13 14:02 - 00000000 ____D C:\Users\Joshua Ackland\AppData\Local\Adobe
2013-10-05 16:11 - 2009-07-14 12:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-05 16:11 - 2009-07-14 12:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-05 16:04 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-05 16:04 - 2009-07-14 12:51 - 00511002 _____ C:\Windows\setupact.log
2013-10-05 14:37 - 2011-04-14 13:32 - 00000000 ____D C:\Users\Joshua Ackland
2013-10-05 13:58 - 2013-10-05 13:58 - 00013232 _____ C:\Users\Joshua Ackland\Desktop\JRT.txt
2013-10-05 13:53 - 2013-10-05 13:53 - 00000000 ____D C:\Windows\ERUNT
2013-10-05 13:49 - 2013-10-05 13:48 - 00000000 ____D C:\AdwCleaner
2013-10-05 08:01 - 2013-10-05 08:01 - 00001789 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-05 08:01 - 2013-10-05 08:00 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-05 08:01 - 2013-10-05 08:00 - 00000000 ____D C:\Program Files\iTunes
2013-10-05 08:01 - 2013-10-05 08:00 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-05 08:00 - 2013-10-05 08:00 - 00000000 ____D C:\Program Files\iPod
2013-10-05 00:10 - 2013-10-05 00:10 - 00374376 _____ C:\Windows\Minidump\100513-32541-01.dmp
2013-10-05 00:10 - 2011-08-04 21:15 - 643851879 _____ C:\Windows\MEMORY.DMP
2013-10-05 00:10 - 2011-08-04 21:15 - 00000000 ____D C:\Windows\Minidump
2013-10-04 17:50 - 2013-09-12 17:55 - 00000000 ____D C:\Users\Joshua Ackland\AppData\Roaming\uTorrent
2013-10-04 17:06 - 2012-12-09 21:52 - 00000000 ____D C:\Users\Joshua Ackland\AppData\Roaming\Gyazo
2013-10-04 17:05 - 2013-10-04 17:05 - 00000988 _____ C:\Users\Public\Desktop\Gyazo GIF.lnk
2013-10-04 17:05 - 2012-12-09 21:52 - 00000988 _____ C:\Users\Public\Desktop\Gyazo.lnk
2013-10-04 17:05 - 2012-12-09 21:52 - 00000000 ____D C:\Program Files (x86)\Gyazo
2013-10-03 08:09 - 2012-01-25 12:38 - 00000000 ____D C:\Users\DefaultAppPool
2013-10-02 22:26 - 2011-12-30 12:05 - 00627712 ___SH C:\Users\Joshua Ackland\Thumbs.db
2013-10-02 18:30 - 2013-10-02 18:30 - 00000000 ____D C:\Users\Joshua Ackland\AppData\Roaming\EpicBot
2013-10-02 18:28 - 2013-10-02 18:28 - 00001875 _____ C:\Users\Public\Desktop\EpicBot.lnk
2013-10-02 18:28 - 2013-10-02 18:28 - 00000000 ____D C:\Program Files (x86)\EpicBot
2013-09-30 11:30 - 2011-04-19 22:28 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-30 01:04 - 2013-09-18 20:42 - 00007597 _____ C:\Users\Joshua Ackland\AppData\Local\Resmon.ResmonCfg
2013-09-30 00:58 - 2010-11-21 11:47 - 01115546 _____ C:\Windows\PFRO.log
2013-09-29 21:38 - 2013-09-29 20:53 - 00000495 _____ C:\Windows\SIERRA.INI
2013-09-29 21:32 - 2013-09-29 21:32 - 00001302 _____ C:\Users\Joshua Ackland\Desktop\Blue Shift.LNK
2013-09-29 21:25 - 2013-09-29 20:55 - 00000000 ____D C:\Program Files (x86)\Sierra On-Line
2013-09-29 21:18 - 2013-09-29 21:18 - 00000000 ____D C:\Users\Joshua Ackland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sierra
2013-09-29 21:01 - 2012-01-02 11:05 - 00000000 ____D C:\Users\Joshua Ackland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-09-29 20:59 - 2013-09-29 20:59 - 00000000 ____D C:\Windows\solcache
2013-09-29 14:37 - 2013-09-29 14:37 - 00000000 ____D C:\Users\Joshua Ackland\AppData\Roaming\Atari
2013-09-29 14:36 - 2013-09-29 14:36 - 00001308 _____ C:\Users\Public\Desktop\RollerCoaster Tycoon 3 Platinum.lnk
2013-09-29 14:35 - 2013-09-29 14:35 - 00000000 ____D C:\Users\Joshua Ackland\AppData\Roaming\Leadertech
2013-09-29 13:47 - 2013-09-29 13:44 - 00000000 ____D C:\Users\Joshua Ackland\AppData\Roaming\RSBot
2013-09-27 21:39 - 2013-08-15 17:02 - 00000000 ____D C:\Program Files (x86)\Origin
2013-09-27 18:47 - 2013-09-27 18:47 - 00001186 _____ C:\Users\Public\Desktop\The Sims™ 3 Pets.lnk
2013-09-27 17:42 - 2013-09-27 17:42 - 00000032 _____ C:\Users\Joshua Ackland\jagex_cl_runescape_LIVE.dat
2013-09-27 09:19 - 2013-09-27 09:19 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-09-27 09:19 - 2013-09-27 09:19 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-09-27 09:19 - 2013-09-18 21:07 - 00000971 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-09-21 09:35 - 2013-09-21 09:35 - 00000000 ____D C:\Program Files\Bonjour
2013-09-21 09:35 - 2013-09-21 09:35 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-09-20 10:41 - 2012-04-07 13:32 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-20 10:41 - 2012-04-07 13:32 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-20 10:41 - 2011-05-13 08:11 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-20 01:21 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\rescache
2013-09-20 00:54 - 2013-09-20 00:17 - 00000000 ____D C:\ProgramData\COMODO
2013-09-20 00:47 - 2013-08-10 14:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-20 00:31 - 2013-09-20 00:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-20 00:31 - 2013-08-10 14:24 - 00000000 ____D C:\Users\Joshua Ackland\AppData\Local\Mozilla
2013-09-20 00:28 - 2013-09-20 00:28 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2013-09-20 00:28 - 2013-09-20 00:16 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-09-19 20:38 - 2012-12-23 23:07 - 00000474 __RSH C:\ProgramData\ntuser.pol
2013-09-19 18:59 - 2010-11-21 15:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-09-19 18:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\registration
2013-09-19 18:54 - 2013-01-20 12:19 - 00000436 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-09-19 18:53 - 2009-07-14 11:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-09-19 18:53 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-19 18:53 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-09-19 18:39 - 2013-09-19 18:37 - 00000124 _____ C:\Users\Joshua Ackland\set
2013-09-19 14:24 - 2013-03-08 19:30 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-09-19 12:43 - 2013-09-18 21:02 - 00000000 ____D C:\Program Files (x86)\AVG
2013-09-19 12:34 - 2012-01-07 22:08 - 00003318 _____ C:\Windows\System32\Tasks\{291387C9-059A-4276-8F4E-F3FA3DFA01D7}
2013-09-19 12:08 - 2013-09-18 21:23 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-09-18 23:56 - 2013-09-18 20:55 - 00000000 ____D C:\Users\Joshua Ackland\AppData\Local\Avg2014
2013-09-18 22:45 - 2011-04-14 13:32 - 00000000 ___RD C:\Users\Joshua Ackland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-18 22:42 - 2012-04-14 11:52 - 00000000 ____D C:\Users\Joshua Ackland\AppData\Roaming\Sony
2013-09-18 22:42 - 2012-02-05 21:28 - 00000000 ____D C:\Users\Joshua Ackland\AppData\Local\Downloaded Installations
2013-09-18 22:42 - 2011-04-19 21:14 - 00000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2013-09-18 22:25 - 2013-09-18 21:23 - 00000000 ____D C:\ProgramData\AVG
2013-09-18 21:37 - 2011-04-14 13:32 - 00000000 ____D C:\Users\Joshua Ackland\AppData\Local\VirtualStore
2013-09-18 21:26 - 2013-09-18 21:26 - 00000000 ____D C:\Users\Joshua Ackland\AppData\Roaming\AVG
2013-09-18 21:08 - 2013-09-18 21:08 - 00000000 ____D C:\Users\Joshua Ackland\AppData\Roaming\AVG2014
2013-09-18 21:07 - 2013-09-18 21:07 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-09-18 21:07 - 2013-09-18 21:07 - 00000000 ____D C:\Users\Joshua Ackland\AppData\Roaming\TuneUp Software
2013-09-18 21:07 - 2013-09-18 21:03 - 00000000 ____D C:\ProgramData\AVG2014
2013-09-18 21:03 - 2013-09-18 21:03 - 00000000 ___HD C:\$AVG
2013-09-18 20:55 - 2013-09-18 20:55 - 00000000 ____D C:\Users\Joshua Ackland\AppData\Local\MFAData
2013-09-18 20:54 - 2013-09-18 20:54 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-18 20:54 - 2013-09-18 20:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-18 20:25 - 2013-09-18 20:25 - 00000875 _____ C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2013-09-18 20:25 - 2013-09-18 20:25 - 00000000 ____D C:\Program Files\CPUID
2013-09-18 15:58 - 2012-01-13 14:05 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-15 10:52 - 2013-08-23 21:48 - 00000132 _____ C:\Users\Joshua Ackland\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-09-14 14:42 - 2011-04-15 20:38 - 00000000 ____D C:\Users\Joshua Ackland\AppData\Roaming\Adobe
2013-09-14 13:12 - 2013-09-14 13:12 - 00000214 _____ C:\tstamps.log
2013-09-14 10:48 - 2013-09-14 10:48 - 00001239 _____ C:\Users\Public\Desktop\Harry Potter and the Goblet of Fire™.lnk
2013-09-14 10:40 - 2013-09-14 10:40 - 00001330 _____ C:\Users\Public\Desktop\Harry Potter and the Prisoner of Azkaban™.lnk
2013-09-14 10:36 - 2013-09-14 10:36 - 00001277 _____ C:\Users\Public\Desktop\Harry Potter - Quidditch World Cup.lnk
2013-09-14 10:33 - 2013-08-10 18:08 - 00000562 _____ C:\debugInstaller.txt
2013-09-14 09:27 - 2013-09-14 09:27 - 00001082 _____ C:\Users\Joshua Ackland\Desktop\Play Star Wars Jedi Knight Jedi Academy.lnk
2013-09-14 09:27 - 2011-04-19 22:41 - 00225152 _____ C:\Windows\DirectX.log
2013-09-14 09:21 - 2013-09-14 09:21 - 00001082 _____ C:\Users\Joshua Ackland\Desktop\Play Star Wars Jedi Knight II Jedi Outcast.lnk
2013-09-13 17:15 - 2013-09-13 17:15 - 00001186 _____ C:\Users\Public\Desktop\The Sims™ 3 Outdoor Living Stuff.lnk
2013-09-13 17:11 - 2013-09-13 17:11 - 00001186 _____ C:\Users\Public\Desktop\The Sims™ 3 Late Night.lnk
2013-09-13 17:00 - 2013-09-13 17:00 - 00001186 _____ C:\Users\Public\Desktop\The Sims™ 3 Fast Lane Stuff.lnk
2013-09-13 16:54 - 2013-09-13 16:54 - 00001186 _____ C:\Users\Public\Desktop\The Sims™ 3 Ambitions.lnk
2013-09-13 16:46 - 2013-09-13 16:46 - 00001168 _____ C:\Users\Public\Desktop\The Sims™ 3 High-End Loft Stuff.lnk
2013-09-13 16:39 - 2013-09-13 16:39 - 00001168 _____ C:\Users\Public\Desktop\The Sims™ 3 World Adventures.lnk
2013-09-13 12:47 - 2013-09-13 12:47 - 00001186 _____ C:\Users\Public\Desktop\The Sims™ 3 Town Life Stuff.lnk
2013-09-13 12:43 - 2013-09-13 12:43 - 00001186 _____ C:\Users\Public\Desktop\The Sims™ 3 Generations.lnk
2013-09-13 00:45 - 2013-09-08 16:14 - 00009612 _____ C:\Windows\system32\lvcoinst.log
2013-09-13 00:45 - 2011-04-14 13:32 - 00000000 ___RD C:\Users\Joshua Ackland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-13 00:26 - 2009-07-14 12:45 - 05836264 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 23:48 - 2013-08-15 15:19 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 23:44 - 2011-04-14 13:54 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-12 23:41 - 2013-09-12 23:41 - 00270776 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-09-12 23:41 - 2013-09-12 23:41 - 00270776 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-09-12 23:41 - 2013-09-12 23:41 - 00075136 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-09-12 23:39 - 2012-05-12 11:41 - 00000000 ____D C:\Users\Joshua Ackland\AppData\Local\Activision
2013-09-12 17:31 - 2013-09-12 17:31 - 00000850 _____ C:\Users\Joshua Ackland\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-09-09 20:20 - 2009-07-14 13:13 - 00862744 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-08 22:11 - 2013-09-08 22:11 - 00031544 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2013-09-08 17:47 - 2013-09-08 17:47 - 00000000 ____D C:\Users\Joshua Ackland\AppData\Roaming\WindSolutions
2013-09-08 17:46 - 2013-09-08 17:40 - 00000000 ____D C:\Program Files (x86)\CopyTrans Suite
2013-09-08 17:44 - 2013-09-08 17:43 - 00000000 ____D C:\ProgramData\WindSolutions
2013-09-08 17:16 - 2013-09-08 17:16 - 00001126 _____ C:\Users\Public\Desktop\The Sims™ 3.lnk
2013-09-08 16:47 - 2013-09-08 16:46 - 00001751 _____ C:\Users\Joshua Ackland\GFX.lnk
2013-09-08 16:43 - 2013-09-08 16:43 - 00000949 _____ C:\Users\Joshua Ackland\Youtube.lnk
2013-09-08 16:42 - 2013-09-08 16:42 - 00000969 _____ C:\Users\Joshua Ackland\StoneCold.lnk
2013-09-08 16:32 - 2013-08-10 16:19 - 00000526 _____ C:\Windows\eReg.dat
2013-09-08 16:14 - 2013-09-08 12:46 - 00000000 ____D C:\Program Files\Common Files\logishrd
2013-09-08 16:07 - 2013-09-08 12:37 - 00000000 ____D C:\Program Files (x86)\IM Setup
2013-09-08 16:07 - 2013-09-07 21:07 - 00000000 ____D C:\Users\Joshua Ackland\AppData\Roaming\OBS
2013-09-07 21:07 - 2013-09-07 21:06 - 00000000 ____D C:\Program Files (x86)\OBS
2013-09-07 21:06 - 2013-09-07 21:06 - 00000000 ____D C:\Users\Joshua Ackland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software

Files to move or delete:
====================
ZeroAccess:
C:\Users\Joshua Ackland\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
C:\Users\Joshua Ackland\jagex_cl_runescape_LIVE.dat


Some content of TEMP:
====================
C:\Users\Joshua Ackland\AppData\Local\Temp\jna2947538680934832753.dll
C:\Users\Joshua Ackland\AppData\Local\Temp\jna4384863124162768881.dll
C:\Users\Joshua Ackland\AppData\Local\Temp\jna4438524871598892662.dll
C:\Users\Joshua Ackland\AppData\Local\Temp\jna4797052301345419728.dll
C:\Users\Joshua Ackland\AppData\Local\Temp\jna6435553607172192829.dll
C:\Users\Joshua Ackland\AppData\Local\Temp\jna737824142586244925.dll
C:\Users\Joshua Ackland\AppData\Local\Temp\jna7944440937643306439.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-01 01:24

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by Joshua Ackland at 2013-10-07 00:56:50
Running from D:\Users\Joshua Ackland\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

µTorrent (HKCU Version: 3.3.1.30017)
Adobe After Effects CS6 (x32 Version: 11)
Adobe AIR (x32 Version: 3.1.0.4880)
Adobe Download Assistant (x32 Version: 1.2.3)
Adobe Dreamweaver CS6 (x32 Version: 12)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Media Player (x32 Version: 1.8)
Adobe Photoshop CS6 (x32 Version: 13.0)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.6.636)
Adobe Widget Browser (x32 Version: 2.0 Build 348)
Adobe Widget Browser (x32 Version: 2.0.348)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
AVG 2014 (Version: 14.0.3604)
AVG 2014 (Version: 14.0.4142)
AVG 2014 (Version: 2014.0.4142)
Bonjour (Version: 3.0.0.10)
Call of Duty® 4 - Modern Warfare™ 1.6 Patch (x32 Version: 1.6)
Call of Duty® 4 - Modern Warfare™ 1.6 Patch (x32)
Call of Duty® 4 - Modern Warfare™ 1.7 Patch (x32 Version: 1.7)
Call of Duty® 4 - Modern Warfare™ 1.7 Patch (x32)
Combined Community Codec Pack 2010-10-10 (x32 Version: 2010.10.10.0)
CPUID CPU-Z 1.66.1
D3DX10 (x32 Version: 15.4.2368.0902)
Electronic Arts Product Registration (x32 Version: 1.01.0000)
EpicBot (x32)
Free Mouse Auto Clicker 3.1 (x32)
GTA San Andreas (x32 Version: 1.00.00001)
Gyazo 2.0.1 (x32)
Half-Life (x32)
Half-Life: Blue Shift (x32)
Half-Life: Counter-Strike (x32)
Half-Life: Opposing Force (x32)
Harry Potter - Quidditch World Cup (x32)
Harry Potter and the Goblet of Fire™ (x32)
Harry Potter and the Prisoner of Azkaban™ (x32)
Harry Potter II (x32)
Harry Potter TM (x32)
iTunes (Version: 11.1.1.11)
Java 7 Update 25 (x32 Version: 7.0.250)
Java 7 Update 7 (64-bit) (Version: 7.0.70)
Java Auto Updater (x32 Version: 2.1.9.5)
Java SE Development Kit 7 Update 6 (64-bit) (Version: 1.7.0.60)
Java™ 6 Update 24 (64-bit) (Version: 6.0.240)
Java™ 6 Update 31 (x32 Version: 6.0.310)
JavaFX 2.1.1 (x32 Version: 2.1.1)
League of Legends (x32 Version: 1.3)
LibreOffice 3.3 (x32 Version: 3.3.202)
Logitech Gaming Software 5.10 (Version: 5.10.127)
Magic Bullet Suite 64-bit (Version: 11.4.1)
Magic Bullet Suite 64-bit (x32 Version: 11.4.1)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Security Client (Version: 4.3.0216.0)
Microsoft Security Essentials (Version: 4.3.216.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (x32 Version: 11.0.51106.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 24.0 (x86 en-US) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT Redists (Version: 1.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Open Broadcaster Software (x32)
OpenAL (x32)
Origin (x32 Version: 9.1.15.109)
PDF Settings CS6 (x32 Version: 11.0)
PowerISO (x32 Version: 5.6)
ReelSmart Motion Blur 4, After Effects-compatible plugin set (x32)
RollerCoaster Tycoon 3 Platinum (x32 Version: 1.00.000)
Setup version 1.5 (x32 Version: 1.5)
Sierra Utilities (x32)
Skype™ 6.6 (x32 Version: 6.6.106)
Star Wars Jedi Knight Jedi Academy (x32)
Star Wars JK II Jedi Outcast (x32)
Super Hexagon (x32 Version: 1.0)
swMSM (x32 Version: 12.0.0.1)
The Sims™ 3 (x32 Version: 1.57.62)
The Sims™ 3 Ambitions (x32 Version: 4.0.87)
The Sims™ 3 Fast Lane Stuff (x32 Version: 5.0.44)
The Sims™ 3 Generations (x32 Version: 8.0.152)
The Sims™ 3 High-End Loft Stuff (x32 Version: 3.0.38)
The Sims™ 3 Late Night (x32 Version: 6.0.81)
The Sims™ 3 Outdoor Living Stuff (x32 Version: 7.0.55)
The Sims™ 3 Pets (x32 Version: 10.0.96)
The Sims™ 3 Town Life Stuff (x32 Version: 9.0.73)
The Sims™ 3 World Adventures (x32 Version: 2.0.86)
TL-WN881ND Driver (x32 Version: 1.0.0)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
Vegas Pro 11.0 (64-bit) (Version: 11.0.371)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
WinRAR 4.10 (64-bit) (Version: 4.10.0)
Xvid Video Codec (x32 Version: 1.3.2)

==================== Restore Points  =========================



#6 CatByte

Posted 06 October 2013 - 05:47 PM

Please do the following:

Download attached fixlist.txt file and save it to the Desktop.

Attached File  FixList.txt   1.3KB   28 downloads

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

(you have FRST in your downloads folder "Running from D:\Users\Joshua Ackland\Downloads" so fixlist.txt must be saved there too)

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 xmutiiny

Posted 06 October 2013 - 11:18 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by Joshua Ackland at 2013-10-07 12:16:23 Run:1
Running from D:\Users\Joshua Ackland\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
S1 ipyxkpko; \??\C:\Windows\system32\drivers\ipyxkpko.sys [x]
S1 kdkmqoox; \??\C:\Windows\system32\drivers\kdkmqoox.sys [x]
S1 lwbjiohn; \??\C:\Windows\system32\drivers\lwbjiohn.sys [x]
S1 swujapxl; \??\C:\Windows\system32\drivers\swujapxl.sys [x]
C:\Users\Joshua Ackland\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install
C:\Users\Joshua Ackland\jagex_cl_runescape_LIVE.dat
C:\Users\Joshua Ackland\AppData\Local\Temp\jna2947538680934832753.dll
C:\Users\Joshua Ackland\AppData\Local\Temp\jna4384863124162768881.dll
C:\Users\Joshua Ackland\AppData\Local\Temp\jna4438524871598892662.dll
C:\Users\Joshua Ackland\AppData\Local\Temp\jna4797052301345419728.dll
C:\Users\Joshua Ackland\AppData\Local\Temp\jna6435553607172192829.dll
C:\Users\Joshua Ackland\AppData\Local\Temp\jna737824142586244925.dll
C:\Users\Joshua Ackland\AppData\Local\Temp\jna7944440937643306439.dll
end



*****************

Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
ipyxkpko => Service deleted successfully.
kdkmqoox => Service deleted successfully.
lwbjiohn => Service deleted successfully.
swujapxl => Service deleted successfully.
C:\Users\Joshua Ackland\AppData\Local\Google\Desktop\Install => Moved successfully.
C:\Program Files (x86)\Google\Desktop\Install => Moved successfully.
C:\Users\Joshua Ackland\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Joshua Ackland\AppData\Local\Temp\jna2947538680934832753.dll => Moved successfully.
C:\Users\Joshua Ackland\AppData\Local\Temp\jna4384863124162768881.dll => Moved successfully.
C:\Users\Joshua Ackland\AppData\Local\Temp\jna4438524871598892662.dll => Moved successfully.
C:\Users\Joshua Ackland\AppData\Local\Temp\jna4797052301345419728.dll => Moved successfully.
C:\Users\Joshua Ackland\AppData\Local\Temp\jna6435553607172192829.dll => Moved successfully.
C:\Users\Joshua Ackland\AppData\Local\Temp\jna737824142586244925.dll => Moved successfully.
C:\Users\Joshua Ackland\AppData\Local\Temp\jna7944440937643306439.dll => Moved successfully.

==== End of Fixlog ====



#8 CatByte

Posted 07 October 2013 - 10:41 AM

Please run the following:

Refer to the ComboFix User's Guide
  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.



#9 xmutiiny

Posted 07 October 2013 - 02:14 PM

ComboFix 13-10-04.02 - Joshua Ackland 08/10/2013   3:01.3.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.61.1033.18.4093.2942 [GMT 8:00]
Running from: d:\users\Joshua Ackland\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-07 to 2013-10-07  )))))))))))))))))))))))))))))))
.
.
2013-10-07 19:07 . 2013-10-07 19:07    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-10-07 19:07 . 2013-10-07 19:07    --------    d-----w-    c:\users\DefaultAppPool\AppData\Local\temp
2013-10-07 19:07 . 2013-10-07 19:07    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-10-07 16:19 . 2013-09-05 05:32    9694160    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6AD88E1-E25A-46BE-B271-A93986A63930}\mpengine.dll
2013-10-07 08:16 . 2013-09-05 05:32    9694160    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-07 04:19 . 2013-10-07 04:19    --------    d-----w-    c:\users\Joshua Ackland\AppData\Local\IsolatedStorage
2013-10-07 04:19 . 2013-10-07 04:19    --------    d-----w-    c:\users\Joshua Ackland\AppData\Local\Futuremark
2013-10-06 16:56 . 2013-10-06 16:56    --------    d-----w-    C:\FRST
2013-10-05 06:37 . 2013-10-06 17:03    --------    d-----w-    c:\users\Joshua Ackland\Virus Removing
2013-10-05 05:53 . 2013-10-05 05:53    --------    d-----w-    c:\windows\ERUNT
2013-10-05 05:48 . 2013-10-05 05:49    --------    d-----w-    C:\AdwCleaner
2013-10-05 00:00 . 2013-10-05 00:00    --------    d-----w-    c:\program files\iPod
2013-10-05 00:00 . 2013-10-05 00:01    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-05 00:00 . 2013-10-05 00:01    --------    d-----w-    c:\program files\iTunes
2013-10-05 00:00 . 2013-10-05 00:01    --------    d-----w-    c:\program files (x86)\iTunes
2013-09-30 03:29 . 2004-10-21 18:18    749568    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2013-09-30 03:29 . 2004-10-21 18:17    69715    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2013-09-30 03:29 . 2004-10-21 18:17    274432    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2013-09-30 03:29 . 2004-10-21 18:16    180224    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2013-09-30 03:29 . 2004-10-21 18:16    5632    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2013-09-30 03:29 . 2013-09-30 03:29    323716    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2013-09-30 03:29 . 2013-09-30 03:29    192644    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2013-09-29 12:59 . 2013-09-29 12:59    --------    d-----w-    c:\windows\solcache
2013-09-29 12:55 . 1998-10-30 15:21    231936    ----a-w-    c:\windows\SysWow64\SNWValid.dll
2013-09-29 12:55 . 1998-10-30 15:21    1022976    ----a-w-    c:\windows\SysWow64\SierraNW.dll
2013-09-29 12:55 . 2013-09-29 13:25    --------    d-----w-    c:\program files (x86)\Sierra On-Line
2013-09-29 12:53 . 1998-10-29 08:45    306688    ----a-w-    c:\windows\IsUninst.exe
2013-09-29 06:37 . 2013-09-29 06:37    --------    d-----w-    c:\users\Joshua Ackland\AppData\Roaming\Atari
2013-09-29 06:35 . 2013-09-29 06:35    --------    d-----w-    c:\users\Joshua Ackland\AppData\Roaming\Leadertech
2013-09-29 06:30 . 2005-04-03 15:02    753664    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2013-09-29 06:30 . 2005-04-03 15:02    69714    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2013-09-29 06:30 . 2005-04-03 15:01    274432    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2013-09-29 06:30 . 2005-04-03 15:00    184320    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2013-09-29 06:30 . 2005-04-03 15:00    63488    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2013-09-29 06:30 . 2005-04-03 14:59    5632    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2013-09-29 06:30 . 2013-09-29 06:30    331908    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2013-09-29 06:30 . 2013-09-29 06:30    200836    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2013-09-29 05:44 . 2013-09-29 05:47    --------    d-----w-    c:\users\Joshua Ackland\AppData\Roaming\RSBot
2013-09-27 11:48 . 2005-04-03 14:57    32768    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2013-09-27 11:45 . 2004-05-06 04:11    4289024    ----a-w-    c:\windows\SysWow64\trial_setup.msi
2013-09-27 11:45 . 2004-05-06 04:11    40448    ----a-w-    c:\windows\SysWow64\trial_setup.exe
2013-09-27 01:19 . 2013-09-27 01:19    --------    d-----w-    c:\users\Default\AppData\Roaming\TuneUp Software
2013-09-21 01:35 . 2013-09-21 01:35    --------    d-----w-    c:\program files\Bonjour
2013-09-21 01:35 . 2013-09-21 01:35    --------    d-----w-    c:\program files (x86)\Bonjour
2013-09-19 16:28 . 2013-09-19 16:28    1700352    ----a-w-    c:\windows\SysWow64\gdiplus.dll
2013-09-19 16:17 . 2013-09-19 16:54    --------    d-----w-    c:\programdata\COMODO
2013-09-19 16:16 . 2013-09-19 16:28    --------    d-----w-    c:\program files (x86)\Comodo
2013-09-19 06:25 . 2013-09-19 10:53    --------    d-----w-    c:\windows\ehome
2013-09-19 06:25 . 2013-09-19 06:25    --------    d-----w-    c:\users\Default\AppData\Roaming\Media Center Programs
2013-09-18 13:26 . 2013-09-18 13:26    --------    d-----w-    c:\users\Joshua Ackland\AppData\Roaming\AVG
2013-09-18 13:23 . 2013-09-18 14:25    --------    d-----w-    c:\programdata\AVG
2013-09-18 13:23 . 2013-09-19 04:08    --------    d-sh--w-    c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-09-18 13:07 . 2013-09-18 13:07    --------    d-----w-    c:\users\Joshua Ackland\AppData\Roaming\TuneUp Software
2013-09-18 12:55 . 2013-10-07 18:58    --------    d-----w-    c:\programdata\MFAData
2013-09-18 12:55 . 2013-09-18 12:55    --------    d--h--w-    c:\programdata\Common Files
2013-09-18 12:55 . 2013-09-18 12:55    --------    d-----w-    c:\users\Joshua Ackland\AppData\Local\MFAData
2013-09-18 12:54 . 2013-04-04 06:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-09-18 12:54 . 2013-09-18 12:54    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-18 12:25 . 2013-09-18 12:25    --------    d-----w-    c:\program files\CPUID
2013-09-12 15:50 . 2013-08-10 03:17    2706432    ----a-w-    c:\windows\system32\mshtml.tlb
2013-09-12 15:50 . 2013-08-10 03:07    2706432    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2013-09-12 15:50 . 2013-08-10 05:20    526336    ----a-w-    c:\windows\system32\ieui.dll
2013-09-12 15:50 . 2013-08-10 05:20    356864    ----a-w-    c:\program files\Internet Explorer\IEShims.dll
2013-09-12 15:50 . 2013-08-10 03:58    257536    ----a-w-    c:\program files (x86)\Internet Explorer\ieproxy.dll
2013-09-12 15:50 . 2013-08-10 05:21    278528    ----a-w-    c:\program files\Internet Explorer\sqmapi.dll
2013-09-12 15:50 . 2013-08-10 03:58    217600    ----a-w-    c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-09-12 15:50 . 2013-08-10 03:58    236032    ----a-w-    c:\program files (x86)\Internet Explorer\IEShims.dll
2013-09-12 15:41 . 2013-09-12 15:41    270776    ----a-w-    c:\windows\SysWow64\PnkBstrB.exe
2013-09-12 15:41 . 2013-09-12 15:41    270776    ----a-w-    c:\windows\SysWow64\PnkBstrB.xtr
2013-09-12 15:41 . 2013-09-12 15:41    75136    ----a-w-    c:\windows\SysWow64\PnkBstrA.exe
2013-09-12 14:56 . 2013-07-26 02:24    14172672    ----a-w-    c:\windows\system32\shell32.dll
2013-09-12 14:56 . 2013-07-26 02:24    197120    ----a-w-    c:\windows\system32\shdocvw.dll
2013-09-12 14:55 . 2013-08-05 02:25    155584    ----a-w-    c:\windows\system32\drivers\ataport.sys
2013-09-12 14:46 . 2013-08-08 01:20    3155456    ----a-w-    c:\windows\system32\win32k.sys
2013-09-12 09:55 . 2013-10-04 09:50    --------    d-----w-    c:\users\Joshua Ackland\AppData\Roaming\uTorrent
2013-09-08 09:47 . 2013-09-08 09:47    --------    d-----w-    c:\users\Joshua Ackland\AppData\Roaming\WindSolutions
2013-09-08 09:43 . 2013-09-08 09:44    --------    d-----w-    c:\programdata\WindSolutions
2013-09-08 09:40 . 2013-09-08 09:46    --------    d-----w-    c:\program files (x86)\CopyTrans Suite
2013-09-08 04:46 . 2013-09-08 08:14    --------    d-----w-    c:\program files (x86)\Common Files\logishrd
2013-09-08 04:46 . 2013-09-08 08:14    --------    d-----w-    c:\program files\Common Files\logishrd
2013-09-08 04:37 . 2013-09-08 08:07    --------    d-----w-    c:\program files (x86)\IM Setup
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-20 02:41 . 2012-04-07 05:32    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-20 02:41 . 2011-05-13 00:11    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-19 17:01 . 2012-01-14 04:57    48648    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2013-09-19 17:00 . 2013-01-03 03:14    336208    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-09-15 07:11 . 2013-01-03 03:14    48648    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2013-09-12 15:44 . 2011-04-14 05:54    79143768    ----a-w-    c:\windows\system32\MRT.exe
2013-09-06 10:28 . 2013-09-06 10:29    965008    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2A1DA80A-D08A-4C7C-8624-9E91D01CF28A}\gapaengine.dll
2013-08-22 16:42 . 2013-08-22 16:43    941720    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-09 19:18 . 2013-08-09 19:18    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-08-09 19:18 . 2013-08-09 19:18    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-08-09 19:18 . 2013-08-09 19:18    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-08-09 19:18 . 2013-08-09 19:18    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-08-09 19:18 . 2013-08-09 19:18    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-08-09 19:18 . 2013-08-09 19:18    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-08-09 19:18 . 2013-08-09 19:18    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-08-09 19:18 . 2013-08-09 19:18    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-08-09 19:18 . 2013-08-09 19:18    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-08-09 19:18 . 2013-08-09 19:18    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-08-09 19:18 . 2013-08-09 19:18    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-08-09 19:18 . 2013-08-09 19:18    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-08-09 19:18 . 2013-08-09 19:18    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-08-09 19:18 . 2013-08-09 19:18    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-08-09 19:18 . 2013-08-09 19:18    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-08-09 19:18 . 2013-08-09 19:18    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-08-09 19:18 . 2013-08-09 19:18    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-08-09 19:18 . 2013-08-09 19:18    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-08-09 19:18 . 2013-08-09 19:18    441856    ----a-w-    c:\windows\system32\html.iec
2013-08-09 19:18 . 2013-08-09 19:18    361984    ----a-w-    c:\windows\SysWow64\html.iec
2013-08-09 19:18 . 2013-08-09 19:18    281600    ----a-w-    c:\windows\system32\dxtrans.dll
2013-08-09 19:18 . 2013-08-09 19:18    235008    ----a-w-    c:\windows\system32\url.dll
2013-08-09 19:18 . 2013-08-09 19:18    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-08-09 19:18 . 2013-08-09 19:18    216064    ----a-w-    c:\windows\system32\msls31.dll
2013-08-09 19:18 . 2013-08-09 19:18    197120    ----a-w-    c:\windows\system32\msrating.dll
2013-08-09 19:18 . 2013-08-09 19:18    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-08-09 19:18 . 2013-08-09 19:18    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-08-09 19:18 . 2013-08-09 19:18    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-08-09 19:18 . 2013-08-09 19:18    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-08-09 19:18 . 2013-08-09 19:18    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-08-09 19:18 . 2013-08-09 19:18    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-08-09 19:18 . 2013-08-09 19:18    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-08-09 19:18 . 2013-08-09 19:18    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-08-09 19:18 . 2013-08-09 19:18    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-08-09 19:18 . 2013-08-09 19:18    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-08-09 19:18 . 2013-08-09 19:18    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2013-08-09 19:18 . 2013-08-09 19:18    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-08-09 19:18 . 2013-08-09 19:18    247296    ----a-w-    c:\windows\system32\webcheck.dll
2013-08-09 19:18 . 2013-08-09 19:18    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-08-09 19:18 . 2013-08-09 19:18    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-08-09 19:18 . 2013-08-09 19:18    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-08-09 19:18 . 2013-08-09 19:18    149504    ----a-w-    c:\windows\system32\occache.dll
2013-08-09 19:18 . 2013-08-09 19:18    144896    ----a-w-    c:\windows\system32\wextract.exe
2013-08-09 19:18 . 2013-08-09 19:18    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-08-09 19:18 . 2013-08-09 19:18    136192    ----a-w-    c:\windows\system32\iepeers.dll
2013-08-09 19:18 . 2013-08-09 19:18    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-08-09 19:18 . 2013-08-09 19:18    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-08-09 19:18 . 2013-08-09 19:18    102912    ----a-w-    c:\windows\system32\inseng.dll
2013-08-09 19:18 . 2013-08-09 19:18    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-08-09 02:56 . 2013-08-09 02:56    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-09 02:56 . 2012-08-15 23:59    867240    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-08-09 02:56 . 2011-04-19 13:03    789416    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-08-09 02:42 . 2011-03-28 10:36    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-08-02 01:48 . 2013-09-12 15:07    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-14 19:34    1888768    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-14 19:34    1620992    ----a-w-    c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-14 19:34    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-14 19:34    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-07-14 19:34 . 2013-08-19 07:10    9460976    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1419D7F-446F-47C3-9022-617859ADDE0E}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-09-30 152392]
.
c:\users\Joshua Ackland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Malwarebytes Anti-Malware.lnk - c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe [2013-9-18 887432]
Microsoft Security Essentials.lnk - c:\program files\Microsoft Security Client\msseces.exe [2013-7-18 1356240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys;c:\windows\SYSNATIVE\DRIVERS\wacmoumonitor.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs    REG_MULTI_SZ       w3svc was
apphost    REG_MULTI_SZ       apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 02:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-19 444904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download with itransfer-platinum - c:\program files (x86)\ImTOO\iTransfer Platinum\upod_link.HTM
TCP: DhcpNameServer = 192.168.1.1 61.9.226.33
FF - ProfilePath - c:\users\Joshua Ackland\AppData\Roaming\Mozilla\Firefox\Profiles\dj41ddmj.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: keyword.URL -
FF - ExtSQL: 2013-08-10 14:51; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Joshua Ackland\AppData\Roaming\Mozilla\Firefox\Profiles\dj41ddmj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-08-10 16:27; {DA1B0AB5-7DD3-4066-BC2A-64AABBDD0A8B}; c:\users\Joshua Ackland\AppData\Roaming\Mozilla\Firefox\Profiles\dj41ddmj.default\extensions\{DA1B0AB5-7DD3-4066-BC2A-64AABBDD0A8B}.xpi
FF - ExtSQL: 2013-09-05 22:35; en-AU@dictionaries.addons.mozilla.org; c:\users\Joshua Ackland\AppData\Roaming\Mozilla\Firefox\Profiles\dj41ddmj.default\extensions\en-AU@dictionaries.addons.mozilla.org
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Half-Life: Counter-Strike - d:\users\JOSHUA~1\SAVEDG~1\NEWFOL~1\COUNTE~1\UNWISE.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1519186215-351774408-1670561289-1000\Software\SecuROM\License information*]
"datasecu"=hex:0a,03,fc,40,19,dc,9a,22,be,6f,7b,d7,b7,92,f3,3c,c5,98,3f,d9,86,
   33,78,ee,4d,94,9e,50,43,b4,1f,03,42,86,f9,b1,1f,64,14,21,4c,ed,18,53,f4,7a,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2013-10-08  03:12:03 - machine was rebooted
ComboFix-quarantined-files.txt  2013-10-07 19:12
.
Pre-Run: 225,825,247,232 bytes free
Post-Run: 225,482,960,896 bytes free
.
- - End Of File - - 200C26CCEBA1627D4129CAC25DD1066A
A36C5E4F47E84449FF07ED3517B43A31
 



#10 CatByte


Posted 07 October 2013 - 02:45 PM

Please run the following:

Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • If items are found, please select the Clean button
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 xmutiiny


Posted 07 October 2013 - 09:11 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 7 Professional x64
Ran by Joshua Ackland on Tue 08/10/2013 at 10:02:20.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Joshua Ackland\AppData\Roaming\mozilla\firefox\profiles\dj41ddmj.default\minidumps [11 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/10/2013 at 10:05:48.68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.006 - Report created 08/10/2013 at 10:09:03
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Joshua Ackland - JOSHUAWIN7
# Running from : D:\Users\Joshua Ackland\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Joshua Ackland\AppData\Roaming\Mozilla\Firefox\Profiles\dj41ddmj.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [5402 octets] - [05/10/2013 13:48:46]
AdwCleaner[R1].txt - [920 octets] - [08/10/2013 10:08:43]
AdwCleaner[S0].txt - [5309 octets] - [05/10/2013 13:49:34]
AdwCleaner[S1].txt - [842 octets] - [08/10/2013 10:09:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [901 octets] ##########
 



#12 CatByte


Posted 08 October 2013 - 10:45 AM

Looking better.

Please run the following:
  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish



#13 xmutiiny


Posted 08 October 2013 - 11:40 AM

I just checked the firewall and it is now working. Thank you so much for your help!


Edited by xmutiiny, 08 October 2013 - 01:27 PM.


#14 CatByte


Posted 08 October 2013 - 12:08 PM

That's good to hear, but please finish up with me, as there may be leftovers, if you could run the two scans listed above.



#15 xmutiiny


Posted 08 October 2013 - 01:17 PM

ESET hasn't finished yet, so I will comment it when it is done.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.08.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Joshua Ackland :: JOSHUAWIN7 [administrator]

9/10/2013 12:18:51 AM
mbam-log-2013-10-09 (00-18-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227255
Time elapsed: 2 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


Edited by xmutiiny, 08 October 2013 - 01:26 PM.




